[JimFin]

hi,


My gMail a/c is after been hacked, says my password changed an hour ago. I have no idead how this happened and am very concerned about it. I use the a/c alot and there is a lot of important information in it.

Can anyone provide me with a direct phone contact in google that may be able to help as the tech support said it would be 3-5 days before they investigate it.

Anyone offer any advice at all or past expierience?

[El Spearo]

happened to my windows live account about a year ago.

but i wasn't locked out of the account...which im presuming you are right now?

[JimFin]

Yes fully locked out. Can see the alternative email address changed to something unusual. How I'd love to walk into the room where the hacker is right now

[Owen]

It depresses me that in 2012 'My password or security question was guessed' equates to 'my email was hacked'.

[JimFin]

Thanks for the concern Owen but as an IT professional for almost 20years I am a little better in the know than that and can assure ya my password was not guessed.

I have no idea how this happened but can tell from some of the signs that it has been hacked.

[AnCatDubh]

I don't think you'll get a direct number so you'll need to go through the process ( presumably you've gone through something like this )

If you reckon your password was secure - that a bot wouldn't guess it, then i'd be a little concerned that you may have a key logger active on your machine sending login details of anything that you log in to.

If it was a guessable password (any word in a dictionary, names list, etc..) then you probably just need to recover your a/c.

I'd recommend when you do get it back and if it is important stuff that you keep in there (don't we all!) that you give google your mobile phone number and set up two factor authentication. Before you (or anyone) logs in to your account, even with a valid password, they will sms text you a code, and without that code they won't allow login. This is a free service from google.

Good luck with it.

[JimFin]

Thanks AnCatdubh, wht worries me is that I never set up a mobile no with the a/c but there is one attached to it now or so it tells me.

[El Spearo]

Quote:

Originally Posted by JimFin

Thanks AnCatdubh, wht worries me is that I never set up a mobile no with the a/c but there is one attached to it now or so it tells me.

it sounds like the strangest hack...

i don't see the benefit of the perp linking a phone to it. It hardly mean they are trying to look more like you or something?

Is it entirely impossible a colleague but a key logger onto your machine and is laughing at you from across the room?

[JimFin]

Yea eldawardo it is completely impossible, nobody where I work would chance going that route due to company policies. In any case this is more sinister, the portion of the alternate email address that I can see indiactes it is a very unusual email wich chars like x and z included.

I sent google a fax about it

[El Spearo]

Quote:

Originally Posted by JimFin

Yea eldawardo it is completely impossible, nobody where I work would chance going that route due to company policies. In any case this is more sinister, the portion of the alternate email address that I can see indiactes it is a very unusual email wich chars like x and z included.

I sent google a fax about it

well wish you all the best man. unfortunately I don't see google caring too much. While I think they are one of the bigger ones, they are just simply massive.

that email does sound sus...like its generated automatically, which suggests an automated system alltogether...

if you hear anything back post it up...be interesting to hear exactly whats going on. Think gMail had a lot of changes lately...would be interesting to hear if any of those caused a breach.

[infodox]

Quote:

Originally Posted by JimFin

Yea eldawardo it is completely impossible, nobody where I work would chance going that route due to company policies.

I snipped your quote to point out two things.

1. NOTHING is EVER completely impossible. EVER.
2. Company Policies stop NOTHING. A malicious coworker could EASILY pop a keylogger or RAT onto your box, sniff your traffic, MITM your SSL connections, or even *look over your shoulder* and get your password.

Hell, most "IT Professionals" have it on a post-it note on the screen, under their keyboard or even *gasp* in a drawer.

You likely were owned by either:
1. Phishing
2. Malware
3. Sniffing.

So, the question is:
Pissed off any co workers lately?
Kept up to date with your patches? Including third party/browser/java/flash?
Shared any USB keys or borrowed any?
Browsed any dodgy sites?
Downloaded and ran any software, plugins, or "updates"?
Have decent AV? Is it up to date?

And so on...

P.S: Sorry if I come off as very abrasive/asshole-ish, but eventually one gets sick of ""No it couldnt be that Im a professional". The sheer number of IT "professionals" and security "professionals" I have seen get owned...

[900913]

Have you used your gmail password for any other sites?

[liamo]

Quote:

Originally Posted by infodox

P.S: Sorry if I come off as very abrasive/asshole-ish, but eventually one gets sick of ""No it couldnt be that Im a professional". The sheer number of IT "professionals" and security "professionals" I have seen get owned...

+1

I am one of those "professionals" and I was well and truly owned a few years back.

I still blush at the memory of my indignant emails to eBay asking them to tell me how they could have allowed my account details to be leaked as I couldn't possibly have been responsible because I'm - y'know - "A Professional !!"

Shortly after my account was re-activated I remembered having receiving an email a few days previously (which, in hindsight, was of course a perfect example of phishing) from another eBay-er. I did what I had repeatedly advised others to NEVER EVER do - I clicked on an untrusted URL which led me to a page requesting my credentials, which I duly supplied. (Doh!)

I know a number of other "professionals" who have been similarly duped so perhaps we should start referring to ourselves as "amateurs" instead!!

[syklops]

Quote:

Originally Posted by JimFin

Yea eldawardo it is completely impossible, nobody where I work would chance going that route due to company policies. In any case this is more sinister, the portion of the alternate email address that I can see indiactes it is a very unusual email wich chars like x and z included.

I sent google a fax about it

Policies I work in infosec and we have a policy of not copying company documents to personal devices. Guess what I spent the last hour doing?

A few people are saying keylogger/RAT, but I reckon it was wireless traffic that was sniffed. The OP connected to a wireless AP somewhere which had been pwned, and all traffic got routed through the 'hacker's machine, snarfing URLS and stealing sessions.

Also, owen didnt say he bet your password was guessed, he said your security question. If the security question is "What is your mothers maiden name", and you said Green, and her maiden name really is Green, thats a very easy thing to figure out.

[infodox]

as syklops said - sniffing is a likely vector. Someone can VERY easily reroute your traffic and sniff all your stuff - and using SSLStrip the "secure" connection is not worth a damn.

Though... Theres a phone attached now, if you get the number give them a call and ask how they did it