The Glade 4.0

"Turn the lights down, the party just got wilder."
It is currently Sun Nov 24, 2024 8:29 am

All times are UTC - 6 hours [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Gmail account hacked :(
PostPosted: Thu Sep 09, 2010 8:47 am 
Offline
Sensitive Ponytail Guy
User avatar

Joined: Fri Sep 04, 2009 10:18 pm
Posts: 2765
Logged on this morning to the following message:

"Warning: We believe your account was recently accessed from: China (119.96.151.8)."

and 60 "undeliverable message" bounces in my inbox. When I checked my sent folder, I found a total of 311 messages sent to various people, trying to phish their WoW account login information.

Needless to say - not happy.

_________________
Go back to zero, take a pill, and get well ~ Lemmy Kilmister


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Sep 09, 2010 9:06 am 
Offline
The Dancing Cat
User avatar

Joined: Wed Nov 04, 2009 2:21 pm
Posts: 9354
Location: Ohio
That blows man.

_________________
Quote:
In comic strips the person on the left always speaks first. - George Carlin


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Sep 09, 2010 9:23 am 
Offline
Deuce Master

Joined: Thu Sep 03, 2009 9:45 am
Posts: 3099
Did you at least get free triple ex pron out of it?

_________________
The Dude abides.


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 09, 2010 9:26 am 
Offline
Sensitive Ponytail Guy
User avatar

Joined: Fri Sep 04, 2009 10:18 pm
Posts: 2765
Screeling wrote:
Did you at least get free triple ex pron out of it?
Nope :(

_________________
Go back to zero, take a pill, and get well ~ Lemmy Kilmister


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Sep 09, 2010 1:19 pm 
Offline
Sensitive Ponytail Guy
User avatar

Joined: Fri Sep 04, 2009 10:18 pm
Posts: 2765
Well, I'm not the only one - and it isn't exactly a new phenomenon:

CNET Asia wrote:
OMG! My Gmail was hacked!
Spoiler:
Mar 23, 2010 22:04
How could this have happened to me?

It shouldn't have happened to me!

I've played the game well, a secure alphanumeric password with no logins at public hotspots. The only access outside of home would be on a secure network, and my BlackBerry. This has never happened to me before and I've not done anything out of the ordinary these few days.

Well, you guys and gals out there, just be careful. It could happen to you, too!

Let me get some brief definitions out of the way. SPAM--the ever popular term for emails which are basically junk emails. PHISHING attacks--attacks to get some information from the email account holder. And the probably less publicized SPOOFS--being email sent using your email as the "sent from" point. All these three forms of considerable tech crimes are common and probably inconsequential to reasonably knowledgeable email users.

Stumbling onto something different and worrisome, my Gmail "sent box" sent emails from my Gmail account to addressees NOT in my contacts list, and furthermore with content that I did not write! Here's a picture
Image
That's obviously SPAM, which looks like it was sent out from my Gmail.

What's worse is that it was most definitely sent from my account and NOT SPOOF as it even had my signature on it.

This is most definitely the work of an EVIL BOT. Hopefully, there wasn't an organic hacker behind the scene of this evil plot. Goodness knows what secrets Alan Tan's inbox holds.
Image
Yup! my signature is on it, contrary to spoof.

Do not wrong me for not having secure computers. I have not recently accessed Gmail from any unsecure computers or hotspots. The computers which had my Gmail accounts running at the time the spam was sent out had corporate versions of Norton antivirus running 24/7.

The rest of the computers in my home network, which I access my Gmail from, all had Microsoft Security essentials running on it in addition to Norton. All these "branded" antivirus applications, and still, security wasn't tight enough?

Moreover, my mobile Internet access is from my BlackBerry, through a secure server. I could understand an iPhone or Android smartphone being vulnerable to hacking, considering they do not run any security software.

Googling for answers, the usual blame went to the lack of spyware or malware security, password theft from popular sources such as social-networking sites, Facebook was a frequent victim.

A rather recent theory surfaced that Gmail itself could have been compromised, been hacked into, considering the cold Internet war being waged on Google by a subcontinent of hackers.

Is there a hole in Gmail's security? That's the big question.

Nevertheless, my resolution for this series of unfortunate events would be frequent password changes to my Gmail account at least once every three months, as per my corporate protocol.

I've always hated the way corporate security is, having to change my password for email access once every three months or so. I had to learn the hard way regarding the practicality of corporate security.

For the time being, I've changed my Gmail password and security question and, hopefully, this was a once-off attack on my account. I'll log off Gmail every time I'm not online (there goes Google Talk), will also disable Google Chat on my browser and PC and leave it only on my BlackBerry.

I'll be keeping tabs on my Gmail Sent box to see if this happens again.

Any other ideas, anyone?

There doesn't seem to be any other way to enhance security in Gmail, and anymore security would be left to Gmail itself.

To everyone out there, remember that the lack of cyber security is very real.

I never knew it could happen to me. :(
GMailBlog wrote:
Detecting suspicious account activity
Spoiler:
Wednesday, March 24, 2010 | 9:00 AM

Posted by Pavni Diwanji, Engineering Director

A few weeks ago, I got an email presumably from a friend stuck in London asking for some money to help him out. It turned out that the email was sent by a scammer who had hijacked my friend's account. By reading his email, the scammer had figured out my friend's whereabouts and was emailing all of his contacts. Here at Google, we work hard to protect Gmail accounts against this kind of abuse. Today we're introducing a new feature to notify you when we detect suspicious login activity on your account.

You may remember that a while back we launched remote sign out and information about recent account activity to help you understand and manage your account usage. This information is still at the bottom of your inbox. Now, if it looks like something unusual is going on with your account, we’ll also alert you by posting a warning message saying, "Warning: We believe your account was last accessed from…" along with the geographic region that we can best associate with the access.
Image
To determine when to display this message, our automated system matches the relevant IP address, logged per the Gmail privacy policy, to a broad geographical location. While we don't have the capability to determine the specific location from which an account is accessed, a login appearing to come from one country and occurring a few hours after a login from another country may trigger an alert.

By clicking on the "Details" link next to the message, you'll see the last account activity window that you're used to, along with the most recent access points.
Image
If you think your account has been compromised, you can change your password from the same window. Or, if you know it was legitimate access (e.g. you were traveling, your husband/wife who accesses the account was also traveling, etc.), you can click "Dismiss" to remove the message.

Keep in mind that these notifications are meant to alert you of suspicious activity but are not a replacement for account security best practices. If you'd like more information on account security, read these tips on keeping your information secure or visit the Google Online Security Blog.

Finally, we know that security is also a top priority for businesses and schools, and we look forward to offering this feature to Google Apps customers once we have gathered and incorporated their feedback.

I've already spent some quality time this morning changing passwords on Gmail, Facebook, Netflix, Pandora, etc ...

_________________
Go back to zero, take a pill, and get well ~ Lemmy Kilmister


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 09, 2010 3:18 pm 
Offline
User avatar

Joined: Thu Sep 24, 2009 4:57 am
Posts: 849
I had something similar happen about a month or two ago, though I couldn't find any sent emails or any changes made otherwise. If they did more than snoop, they took some time to clean up after themselves, and no one on my address list noticed anything.

Did make me wonder how it happened. I didn't exactly have a strong password (rarely use gmail to begin with, and not for anything of top priority) but it seems unlikely they just brute force random passwords. Ah well, lots of possibilities and it's ultimately just a matter of curiosity, as beyond changing passwords to be better (done for a lot of stuff since) there isn't much different I can do.

Pretty happy that Google now includes that information though on your Gmail account. Even if it didn't result in any substantial negatives for me, I like the idea of it very much. Perhaps it will spread to more online accounts too... though if I had to guess, I'd imagine online banking already includes something similar?


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC - 6 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 177 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group