Gmail hacked? and how?

NORTH1

My gmail account at 2:47pm sent an email to everyone in my contacts list advising them to buy an apple computer from a web site!!

Message below, I've since changed my password but I'm a little concerned as to how this could have happened?

Hi
How are you?
Just a couple of days ago we bought an Apple MacBook Pro MC024LL/Afrom ! this website www.sale-good.com
It is indeed a fantastic machine, though it will take some time to get used to the new system. Wireles mouse and keyboard. Nice design.
and I love it. I paid $1260US all charges included the chose to use the Core 2 Duo but that's not all bad. This is a stable, cool running, capable processor. I use this mostly for work where stability, battery life, portability, and longevity are the most important things to me. I rarely play games. I especially like the backlit keyboard. if you want to get one.you can check it out .

regards,

What should I do next?

Brian

Max Power1

Its easy to send an email from an email address without actually accessing your account

Are you sure your account was compromised?


For peace of mind I would suggest updating both your password and security questions

Captain Chaos

My gmail account got hacked last year after Boards got hacked and members email address and passwords were copied. I used the same email and password for my gmail account, it got hacked a few weeks after Boards and I didn't bother to change my passwords even after getting warning from Boards thinking it would never happen and it did.

I learned my lesson though, every thing I use has a different password now, it's a pain trying to remember 20+ login details though.

Dermo

check the headers in the email. it mightn't have come from your email address.

Do you have your email hooked up to any email program or do you only access it online?

copacetic

NORTH1 wrote: »

My gmail account at 2:47pm sent an email to everyone in my contacts list advising them to buy an apple computer from a web site!!

Message below, I've since changed my password but I'm a little concerned as to how this could have happened?

Hi
How are you?
Just a couple of days ago we bought an Apple MacBook Pro MC024LL/Afrom ! this website www.sale-good.com
It is indeed a fantastic machine, though it will take some time to get used to the new system. Wireles mouse and keyboard. Nice design.
and I love it. I paid $1260US all charges included the chose to use the Core 2 Duo but that's not all bad. This is a stable, cool running, capable processor. I use this mostly for work where stability, battery life, portability, and longevity are the most important things to me. I rarely play games. I especially like the backlit keyboard. if you want to get one.you can check it out .

regards,

What should I do next?

Brian

This happened to me last year and 2 or 3 other people I know over last couple of years. gmail showed an access from china. Still can't work out how it was done, must have been use of a same password on a site with gmail email as my username that was cracked. Didn't think I had done that anywhere but who knows.

Wasn't phished, don't use public PCs, don't use public wireless. Who knows.

Some tips here
http://lifehacker.com/#!5110737/lessons-learned-from-a-hacked-gmail-account

NORTH1

I have changed my password for gmail. I use my Samsung phone to access the mail but I almost sure it came for the web site as the mail is in the sent box of my web browser and not on my phone.

Dermo

In that case it is probably just a clean case of someone getting your password. If you use that password on any other website you should change it.

You can see a list of ip's that have logged in to your gmail if you click the Details link beside Last Account Activity. Match the time of the email to the ip address.

NORTH1

Access Type [ ? ]
(Browser, mobile, POP3, etc.) Location (IP address) [ ? ] Date/Time
(Displayed in your time zone)
Browser * Ireland (me) 4:38 pm (0 minutes ago)
Browser Ireland (me) 4:22 pm (16 minutes ago)
Browser Ireland (me) 3:58 pm (40 minutes ago)
IMAP Ireland (me) 3:27 pm (1 hour ago)
IMAP Ireland (me) 3:18 pm (1 hour ago)
IMAP Ireland (me) 3:16 pm (1 hour ago)
Browser China (182.114.207.125) 2:47 pm (1.5 hours ago) Here's the little Fecker!!
IMAP Ireland () 1:02 pm (3.5 hours ago)
IMAP Ireland () 10:41 am (5 hours ago)
IMAP Ireland () 7:02 am (9 hours ago)

Dermo

That ip address goes to hn.kd.ny.adsl.

Just having a look through some gmail support tickets and hn.kd.ny.adsl seems to get into a lot of gmail accounts.

You should go through the steps at this link http://knol.google.com/k/manny-b/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7?pli=1#When_you_reclaim_Your_Account

There isn't really much else you can do. The password might have been gotten through a public computer or an alternate website that you use the same password or just from an unsecure password.

NORTH1

Thanks for that Dermo I'm working my way through that list.

wilfitz

This happened to my wifes email account today as well. All her contacts got the same email as above. All her emails and contacts were wiped also!!! She has reset her password so hope this does it.

900913

You should consider using google's 2-step verification.

Using 2-step verification will help prevent strangers from accessing your account with just a stolen password. When you sign in with 2-step verification, you'll verify your identity using both a password and a code that you receive on your phone.

coxy123

wilfitz wrote: »

This happened to my wifes email account today as well. All her contacts got the same email as above. All her emails and contacts were wiped also!!! She has reset her password so hope this does it.

Same happened to me this morning.

tan11ie

Got the very same mail yesterday which came from my friends email address,they even ended the mail with her name....Luckily i knew the link was a virus as she got the same mail a few weeks previously from a "friend" and the virus latched onto her computer. She got it all fixed up now thankfully without losing anything off it.

NORTH1

Update Sunday I got an E-mail from play.com that they where hacked recently and all emails and passwords are now compromised, and suggests that I change my passwords.

A little late with the warning you think?

Regards,

MontgomeryClift

A friend just had her Gmail account hijacked. She got the usual spam asking to 'Fill out details or your account will be suspended,' and she ACTUALLY FILLED IT OUT.

My advice: DON'T USE GMAIL for anything serious, like a business contact address. The security is lousy, and one of the compulsory questions they ask when you try to regain control of your account is THE DATE YOUR GMAIL ACCOUNT WAS CREATED. Who would know that, and how are you supposed to check that date, when the account and all the mail in it has been HIJACKED?

Also, you can't contact Google by phone if the account is important, and you urgently need to regain control of it. You just have to fill out a form and wait. That's just not good enough. Get a proper e-mail account with phone support.

Shane O' Malley

MontgomeryClift wrote: »

A friend just had her Gmail account hijacked. She got the usual spam asking to 'Fill out details or your account will be suspended,' and she ACTUALLY FILLED IT OUT.

My advice: DON'T USE GMAIL for anything serious, like a business contact address. The security is lousy, and one of the compulsory questions they ask when you try to regain control of your account is THE DATE YOUR GMAIL ACCOUNT WAS CREATED. Who would know that, and how are you supposed to check that date, when the account and all the mail in it has been HIJACKED?

Also, you can't contact Google by phone if the account is important, and you urgently need to regain control of it. You just have to fill out a form and wait. That's just not good enough. Get a proper e-mail account with phone support.

Did gmail do anything wrong there?

Gmail security is much better than most.

Not only can you set it for https only but there is also a 2 step verification process.

Plenty of examples of people ringing support pretending to be someone else successfully.

Bottom line, use the security provided.

Shane

MontgomeryClift

Sure, Gmail is grand for recreational use, or as a secondary e-mail. It's not great for anything serious, like conducting business, whereby you might need urgent help.

Shane O' Malley

Gmail do an excellent business email service. (Free up to 50 users) as long as you own your own domain.

If a user loses control of their email account the administrator can change the password for them.

I manage a number of them for businesses and have never had a problem.

Shane

900913

MontgomeryClift wrote: »

A friend just had her Gmail account hijacked. She got the usual spam asking to 'Fill out details or your account will be suspended,' and she ACTUALLY FILLED IT OUT.

My advice: DON'T USE GMAIL for anything serious, like a business contact address. The security is lousy, and one of the compulsory questions they ask when you try to regain control of your account is THE DATE YOUR GMAIL ACCOUNT WAS CREATED. Who would know that, and how are you supposed to check that date, when the account and all the mail in it has been HIJACKED?

Also, you can't contact Google by phone if the account is important, and you urgently need to regain control of it. You just have to fill out a form and wait. That's just not good enough. Get a proper e-mail account with phone support.

I think google/gmail is one of the most secure.
As you say in you post "She got the usual spam asking to 'Fill out details or your account will be suspended,' and she ACTUALLY FILLED IT OUT."

You can't blame gmail for personal stupidity.

Your friend ACTUALLY FILLED IT OUT and then I presume sent all her credentials to something like admin.hacker@gmail.com

Shane O' Malley

900913 wrote: »

I think google/gmail is one of the most secure.
As you say in you post "She got the usual spam asking to 'Fill out details or your account will be suspended,' and she ACTUALLY FILLED IT OUT."

You can't blame gmail for personal stupidity.

Your friend ACTUALLY FILLED IT OUT and then I presume sent all her credentials to something like admin.hacker@gmail.com

I think the problem he was referring to was that there was noone in google he could ring to get control of the account back. (Had to fill out a form and wait)

The stupidity of filling out the form is not in doubt. However as access to the account was for business purposes and very important, preparations for this sort of situation should have been made such as the use of the 2 step verification system by google.

900913

Shane
I agree with you 100%

But MontgomeryClift dissed gmail because of human error.

I know it was an account that was for business purposes and very important, but I don't think any email provider could guarantee against human error/stupidity.

The hacker had/has full access to at the business info from that compromised account. And will probably send the same type of spam email to all the contacts, guessing that they all use the same security policy.

If they had a private/business email address and gave out all their credentials they would probably of gotten sacked.

Shane O' Malley

Agree with you.

Have already pointed out to him that google did nothing wrong. He wanted to point out that gmail is probably not good as a main business account if you need support quickly.

I have operated outsourced email for a number of companies and without doubt gmail is the best value i have seen. I think the basic lesson is that you need a disaster recovery plan.

Razzuh

I think gmail is one of the most secure because of the full https across the site. There is a simple system that I use to help protect against and limit the damage of a hack. Using a different password for every site is unmanageable I think, so I use three passwords.

Password 1: email account only

Password 2: any e-commerce site where I have credit-card info stored.

Password 3: All other sites (including boards). These sites are the most vulnerable to being hacked (they don't have the cash for A+ security).

Having a password only for email is most important. Just be careful that if you use any email clients (such as on phone or outlook) that they store the password encrypted so it can't be harvested by a virus.

Also, it makes sense to have two gmail accounts (or use an email provider that lets you have 2 addresses on one account such as gmx). Use one email address for site registration only, and set up your other account (a personal email address) to get the emails using POP3 (easy to do). That way if the registration account gets hacked, they won't have your contacts and private emails.

If you don't want to use the exact same email for every site, come up with a very memorable and consistent way of tailoring your common password to each site. e.g. boards[common password portion], adverts[common password portion].
This might seem too obvious if a person looked at your password, but often all the hacking work done is automated with code, so its just copy and paste stuff. If it dosen't work, they'll assume you have a different password entirely.

Sparky

Gmail has 2 step security if anyone wants to enable that

http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056284&hl=en

I'm using it now to be more secure