My Gmail account was hacked

  On 5/19/2011 at 10:50 AM, hahathhat said:

and expensive!!

 

my phone costs $35/mo or so. i don't use it much. most of my work is over email and skype...... i value my cable internet much more highly.

i never used my old phone much either, but i use my droid all the time. mp3s, audiobooks, camera, camcorder, gps, maps, streetview, augmented reality, usb drive, flashlight, email, internet, youtube, radio, calculator, games, alarm clock, currency converter, track id, ssh, torrents, wifi analyzer, nanoloop, 2-factor auth, even works as a key to get into my building... every month it seems to gain new capabilities... most amazing device i've ever owned... and it fits in my pocket, and works everywhere... i still never use the phone, though.

  On 5/29/2010 at 12:27 PM, phling said:

Was your password a stupid one i.e. 'boobs23'?

Hey, me too!

  On 5/19/2011 at 10:59 AM, chaosmachine said:

. i still never use the phone, though.

lol me too

  On 5/19/2011 at 10:59 AM, chaosmachine said:

  On 5/19/2011 at 10:50 AM, hahathhat said:

and expensive!!

 

my phone costs $35/mo or so. i don't use it much. most of my work is over email and skype...... i value my cable internet much more highly.

 

i never used my old phone much either, but i use my droid all the time. mp3s, audiobooks, camera, camcorder, gps, maps, streetview, augmented reality, usb drive, flashlight, email, internet, youtube, radio, calculator, games, alarm clock, currency converter, track id, ssh, torrents, wifi analyzer, nanoloop, 2-factor auth, even works as a key to get into my building... every month it seems to gain new capabilities... most amazing device i've ever owned... and it fits in my pocket, and works everywhere... i still never use the phone, though.

sounds like you actually leave your house reguarly

2-step verification complete

http://www.youtube.com/watch?v=ZWYdidITDrk

Just thought I'd have a look to see if I can get into my account activity on Hotmail. This is what I found:

  Quote

I'm sorry to inform you that we can't provide you with any logs of your account's recent activity. This is due to our strict compliance with the Electronic Communications Privacy Act (ECPA) in the United States, and other privacy regulations worldwide, we can’t look into an account’s private info. We also can’t divulge details about any of our users’ account.

Why am I still with hotmail? They cause me no end of problems. Wish Lycos didn't close

tell me your password and i can work this thing out.

  On 5/19/2011 at 9:45 AM, pattern recognition said:

i've had two occasions now where emails were sent from my gmail account to a group of 6 or so of my contacts. i checked the recent activity on my account the second time it happened and saw that someone from greece had logged in. i changed my password but have been keeping an eye on the activity and tonight i see that someone logged into my account from the bronx, ny.

 

is gmail especially susceptible to hacking like this? should i close this account and get a different one? should i avoid gmail?

 

code red!

I have no idea how it happened to me still. I'm pretty paranoid about software I install, websites I visit, account permissions, I'm even running MSE just in case. Maybe I checked my email on somebody else's keylogger-ridden virus machine. Anyways, I changed my password and it hasn't happened since, same system and everything, never found a virus. (also changed all my banking passwords and such)

  On 5/19/2011 at 9:01 PM, Bubba69 said:

  On 5/19/2011 at 9:45 AM, pattern recognition said:

i've had two occasions now where emails were sent from my gmail account to a group of 6 or so of my contacts. i checked the recent activity on my account the second time it happened and saw that someone from greece had logged in. i changed my password but have been keeping an eye on the activity and tonight i see that someone logged into my account from the bronx, ny.

 

is gmail especially susceptible to hacking like this? should i close this account and get a different one? should i avoid gmail?

 

code red!

 

I have no idea how it happened to me still. I'm pretty paranoid about software I install, websites I visit, account permissions, I'm even running MSE just in case. Maybe I checked my email on somebody else's keylogger-ridden virus machine. Anyways, I changed my password and it hasn't happened since, same system and everything, never found a virus. (also changed all my banking passwords and such)

i just activated 2-step authentication, so i'm feeling more secure, although i had used that account for communication with paypal, ebay and other sites with potentially sensitive information. both times this happened to me on my work pc, which is behind a pretty serious firewall and is regularly scanned for viruses.

i'm not really sure how it happened, and my faith in gmail security was all but gone, but 2-step authentication seems pretty good. i like the application-specific passwords, i'm still worried that this was somehow the result of email on my iphone.

  On 5/19/2011 at 9:23 PM, pattern recognition said:

  On 5/19/2011 at 9:01 PM, Bubba69 said:

  On 5/19/2011 at 9:45 AM, pattern recognition said:

i've had two occasions now where emails were sent from my gmail account to a group of 6 or so of my contacts. i checked the recent activity on my account the second time it happened and saw that someone from greece had logged in. i changed my password but have been keeping an eye on the activity and tonight i see that someone logged into my account from the bronx, ny.

 

is gmail especially susceptible to hacking like this? should i close this account and get a different one? should i avoid gmail?

 

code red!

 

I have no idea how it happened to me still. I'm pretty paranoid about software I install, websites I visit, account permissions, I'm even running MSE just in case. Maybe I checked my email on somebody else's keylogger-ridden virus machine. Anyways, I changed my password and it hasn't happened since, same system and everything, never found a virus. (also changed all my banking passwords and such)

i just activated 2-step authentication, so i'm feeling more secure, although i had used that account for communication with paypal, ebay and other sites with potentially sensitive information. both times this happened to me on my work pc, which is behind a pretty serious firewall and is regularly scanned for viruses.

 

i'm not really sure how it happened, and my faith in gmail security was all but gone, but 2-step authentication seems pretty good. i like the application-specific passwords, i'm still worried that this was somehow the result of email on my iphone.

so you're worried about gmail's security, but then think that it's a result of having email on your iPhone?

Gmail IMAP requires SSL afaik. So a man in the middle attack on public wireless networks isn't very likely.

i never had this probalem probably cuz my passwords really hard to guess it. its not anything anyone would ever guess in there life

  On 5/19/2011 at 9:27 PM, oscillik said:

so you're worried about gmail's security, but then think that it's a result of having email on your iPhone?

that's the kind of the information i'm completely brainless about--where's the security issue? i'm worried about all of it, really.

how is my account logged in from greece one day, and then two days later (after i'd changed my password) in the bronx? my brain hurts.

  On 5/19/2011 at 10:49 PM, sup said:

i never had this probalem probably cuz my passwords really hard to guess it. its not anything anyone would ever guess in there life

yes, that's what i thought. :sup:

so now i'm using 2-step authentication and a device-specific password for my phone.

my "latest activity" shows someone as accessing my account 53 minutes ago via IMAP from ny, and like i said, i'm in the midwest. is there any way this could be related to at&t's network? all the other times i've ever looked at the activity, it shows my IMAP access as being in MN, where i live.

I really appreciate all the information, i'm finding that i'm clueless when it comes to anything network computer related.

  Quote

my "latest activity" shows someone as accessing my account 53 minutes ago via IMAP from ny, and like i said, i'm in the midwest. is there any way this could be related to at&t's network?

post the ip.

the IP i got was one from serbia. quite possibly a hacked box itself.... and, again, i have yet to find out how the fuck this happened in the first place. which really bothers me.

edit: and the spam was for "wikipharmacy" or something under a predictably gibberish untrackable url

  On 5/20/2011 at 1:39 AM, chaosmachine said:

  Quote

my "latest activity" shows someone as accessing my account 53 minutes ago via IMAP from ny, and like i said, i'm in the midwest. is there any way this could be related to at&t's network?

 

post the ip.

166.137.136.202

  On 5/20/2011 at 1:42 AM, hahathhat said:

the IP i got was one from serbia. quite possibly a hacked box itself.... and, again, i have yet to find out how the fuck this happened in the first place. which really bothers me.

 

edit: and the spam was for "wikipharmacy" or something under a predictably gibberish untrackable url

that's the thing that's pissing me off, i want to know how it happened even if it doesn't happen again.

my spam was an address that led to a canadian pharmacy.

  On 5/20/2011 at 1:44 AM, pattern recognition said:

  On 5/20/2011 at 1:39 AM, chaosmachine said:

  Quote

my "latest activity" shows someone as accessing my account 53 minutes ago via IMAP from ny, and like i said, i'm in the midwest. is there any way this could be related to at&t's network?

 

post the ip.

166.137.136.202

that's an at&t mobile ip, so if you're going out over 3g or whatever, it's quite possibly yours.

  On 5/20/2011 at 1:51 AM, chaosmachine said:

  On 5/20/2011 at 1:44 AM, pattern recognition said:

  On 5/20/2011 at 1:39 AM, chaosmachine said:

  Quote

my "latest activity" shows someone as accessing my account 53 minutes ago via IMAP from ny, and like i said, i'm in the midwest. is there any way this could be related to at&t's network?

 

post the ip.

166.137.136.202

 

that's an at&t mobile ip, so if you're going out over 3g or whatever, it's quite possibly yours.

yeah, i would have been on 3g at that time. so my location doesn't necessarily dictate what location shows up the access point on the 3g network? i'm going to keep track of when i access email via IMAP for a bit and see if "ny" shows in my recent activity.

i'm assuming i should be pretty secure the way i have things set up?

thanks for the info, chaosmachine.

i'm guessing i used the same password somewhere else, something i'm seeking not to do again. but i still don't have any answers, which is upsetting.

a couple weeks ago i logged into gmail from public wifi on my laptop. the little lock icon and https url gave me the impression i was ok. that is the only recent possible way someone could have snooped on my LAN shit, and i don't think that's how it happened. i keep things up to date, and everything's behind a router too dumb for anyone to fuck with. and i went through shit with a fine-tooth comb after this incident, to find nothing wrong.

the whole thing had a very drive-by smell. they got my contact list, blasted emails until the account died, then left. this speaks to it being done by a piece of software, not a person. this was someone who only cared about blasting spams, not what was in my account, thank god. you don't base a career off of 500 spams, so my account would obviously have to be one of many commandeered. this tells me the responsible party is effectively hacking large numbers of gmail accounts. for that reason, it pisses the fuck out of me that google is a sphinx here, no way to talk to them about it.... maybe they've been hacked!

Is gmail susceptible to cross-site scripting?

i'm guessing probably not, but it might be something to check out.

http://en.wikipedia.org/wiki/Cross-site_scripting#Exploit_scenarios

My GMail was hacked probably about a year ago. Same thing, sent out some pharma site bullshit. I changed my PW to something more difficult, and like you guys keep a tight watch on my machine. Perhaps something to do with the China Google hacking stuff from a while back?