Has your Gmail been compromised?


Do you have Gmail?

“Last account activity: 5 hours ago on this computer. Details.”

How often do you check if your account has been intruded?

You should do so often! These are the links where I got my information:

But I don’t go to bad sites or give out my password so I don’t have to worry!

What? Are you seriously that naive? I have a good password and good security and even I, a few days ago, found this in mine:

Unknown    China (119.39.21.154)    Jan 17 (3 days ago)

http://i.imgur.com/CaBGx.jpg

As you can see it is first accessed through one IP (66.212.31.35) through a browser and then sold to someone else (someone in China (119.39.21.154) who bought the info) who checked it through a browser as well to make sure he could access it, and then accessed it on his own (shown by Gmail highlighting it in dark red) through some “unknown” means.

Actually I am assuming that is what happened as I have no hacking experience whatsoever.

So what can be done once you find out someone has accessed your account????

Well you first scan your computer to make sure it doesn’t have a Trojan or key-logger on it giving out your login information. You scan first because if you are infected with those then no matter what you change your login information to they will know it.

And then what? What if it is clean?

Then you access through a clean computer and change your Password AND your Security Question. Make it unique and one that has NOT been used on ANY other sites!

Is that all?

Next I went through my emails looking for any information they could use (such as log ins or emails from sites verifying my log ins) and changed my password and security question with all other sites. I didn’t wait for any other intrusions or invasion of my privacy!

Here is more reading that will help you:

How to recover a Hacked or Compromised Gmail Account
By The “C” Man and Brett Carver

http://knol.google.com/k/the-c-man/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7?pli=1#When_you_reclaim_Your_Account

Account Security:
Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and recovery e-mail address]

Potential Spam:
Settings -> General -> Signature [make sure nothing has been added]
Settings -> General -> Vacation Responder [make sure it's disabled and empty]

E-mail Theft
Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]

Additional Information
Keeping account secure:  https://mail.google.com/support/bin/answer.py?hl=en&answer=46526
Protecting your account:  https://mail.google.com/support/bin/answer.py?hl=en&answer=29407
More account security info:  http://www.google.com/help/security/
If your account is compromised:  http://mail.google.com/support/bin/answer.py?hl=en&answer=50270
Someone using your address:  http://mail.google.com/support/bin/answer.py?hl=en&answer=50200
Google Employee comments:  http://www.google.com/support/forum/p/gmail/thread?tid=560d53dee40be5e6&hl=en&start=70
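
The settings checklist above can be expressed as an automated check. This is an added example, not part of the quoted guide: the snapshot dictionary is constructed, its layout is an assumption, and its field names are modelled on the Gmail API settings resources (filters, auto-forwarding, POP, IMAP, vacation, send-as). The signature check is left out because it needs a known-good baseline to compare against.

```python
def audit_settings(snap, my_addresses):
    """Return findings for one mailbox-settings snapshot, following the checklist."""
    mine = {a.lower() for a in my_addresses}
    findings = []
    for s in snap.get("sendAs", []):  # Send Mail As: must be your own address
        reply = (s.get("replyToAddress") or "").lower()
        if s["sendAsEmail"].lower() not in mine or (reply and reply not in mine):
            findings.append(f"send-as: {s['sendAsEmail']} reply-to {reply or '-'}")
    for f in snap.get("filters", []):  # no filters that forward or delete
        act = f.get("action", {})
        if act.get("forward"):
            findings.append(f"filter {f['id']}: forwards to {act['forward']}")
        if "TRASH" in act.get("addLabelIds", []):
            findings.append(f"filter {f['id']}: deletes matching mail")
    fwd = snap.get("autoForwarding", {})  # disabled or correct address
    if fwd.get("enabled") and fwd.get("emailAddress", "").lower() not in mine:
        findings.append(f"forwarding: enabled to {fwd.get('emailAddress')}")
    if snap.get("pop", {}).get("accessWindow", "disabled") != "disabled":
        findings.append("pop: download enabled")
    if snap.get("imap", {}).get("enabled"):
        findings.append("imap: access enabled")
    vac = snap.get("vacation", {})  # must be disabled and empty
    if vac.get("enableAutoReply") or vac.get("responseBodyPlainText"):
        findings.append("vacation responder: enabled or not empty")
    return findings

# Constructed snapshot of a tampered account (all addresses are placeholders).
SNAPSHOT = {
    "sendAs": [{"sendAsEmail": "me@example.com", "replyToAddress": "drop@example.net"}],
    "filters": [
        {"id": "f1", "criteria": {"from": "bank"}, "action": {"forward": "drop@example.net"}},
        {"id": "f2", "criteria": {"subject": "password"}, "action": {"addLabelIds": ["TRASH"]}},
        {"id": "f3", "criteria": {"from": "list@example.org"}, "action": {"addLabelIds": ["Label_1"]}},
    ],
    "autoForwarding": {"enabled": False},
    "pop": {"accessWindow": "allMail"},
    "imap": {"enabled": False},
    "vacation": {"enableAutoReply": False, "responseBodyPlainText": ""},
}

if __name__ == "__main__":
    for finding in audit_settings(SNAPSHOT, ["me@example.com"]):
        print(finding)
```
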

And even more reading (originally found posted by the same guy (bkc56) at https://www.google.com/support/forum/p/gmail/thread?tid=34cf3f6e6c2d3b87&hl=en):

Hacking Methods
There are many ways an account can be compromised/hacked.  A few (but by no means all) of the common ones follow somewhat in order of frequency used:

Phishing

* Requesting (often with threats of closing an account) a user to provide login/password information by return e-mail or by redirecting to a web-site that masks itself as legitimate.
* Never respond to an e-mail that requests your login:password.  Never follow a link that doesn’t go to a known url (for example:  http:\\gmail.google.com\ is NOT the same as http:\\gmail.google.com.junk.ru\).  Be aware that the url printed in the message may not be where the link actually goes so verify before you click.
- Phishing:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8253
- Reporting:  https://mail.google.com/support/bin/answer.py?hl=en&answer=29381
- Scams: http://mail.google.com/support/bin/answer.py?hl=en&answer=29380

Common password usage
* Using the same password for multiple accounts so if someone breaks into one (like Facebook) they can get into others.  Getting access to an e-mail account can often lead them to Paypal, Ebay, YouTube and many other accounts.
* Make sure you use a unique password for every site where you have an account.  Especially critical for financial sites, or sites with links to other accounts (like social networking or e-mail sites).
- Changing passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=6567
- Selecting passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=29409

Linked accounts
* Related to the above in that one account has information leading to other accounts.  If they gain access then they know about the other accounts too.  This is hard to protect against when a forum or social networking site requires an e-mail address (if they break into the one site, look at your settings, they know your e-mail address too).
* Do not store login:password information in an e-mail account where it can be accessed should the account be compromised.  Also consider a “junk” e-mail address for all forum/web-site registrations so it does not lead back to your primary account.

Failing to log out
* Failing to close your account on a computer that others have access to (like at work, school, or library) so that anyone else can access your account.
* Always close your account when you walk away from your computer (even at home for some people).
- Sign out:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8154

Browser auto-fill enabled
* Like the above, having the browser configured to enter your login/password automatically so anyone using the computer can gain access to your account.
* Never use the browser’s auto-fill capabilities unless you’re on a 100% private, secure, and trusted computer.
- Clear saved data:  http://mail.google.com/support/bin/answer.py?hl=en&answer=12095

Keylogger
* Any computer accessible by others can have a keylogger installed which will capture your login/password for any site you visit.
* Never log into your account on a public computer (like at a library) and be very cautious using any computer that others have access to (like at work or school).

Trojan/Virus/Malware
* While not strictly used to steal an account, could do damage to your account or use it to send spam while you’re logged in.
* Always keep virus scanners enabled, and using up-to-date definition files.  Regular use of malware type scanners is good too.
- Virus protection:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8493
- Anti-virus scanning:  http://mail.google.com/support/bin/answer.py?hl=en&answer=25760

Password guessing
* A brute-force method of guessing someone’s password, made easier if they know you in real-life, especially if you use a weak password (like a kid’s or spouse’s name).
* Follow standard password generation safeguards:  no common words or proper names, no patterns (1234 or qwerty), use mixed case and include numbers or punctuation, etc.
- Strong passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=29409

Server attack
* When someone compromises a company’s server gaining access to account or private information for a large number of users.  This is typically seen in large identity-theft cases.
* Nothing you can really do about this except deal with only reputable companies with good privacy policies.

Network packet capture
* Using software or hardware on wireless or free hot-spot networks to capture information.  Pretty rare, but still possible for non-encrypted networks.
* Very little you can do about this except avoid using any unsecured wireless networks.
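
The phishing advice quoted above (a look-alike host such as gmail.google.com.junk.ru, and a printed url that differs from the real link target) can be checked mechanically. This is an added example, not part of the quoted material: the sample message is constructed, and treating google.com as the only trusted domain is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "google.com"  # assumption: the only domain the reader expects

def host_of(url):
    """Hostname the browser would actually contact ('' if none)."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_trusted(host, domain=TRUSTED_DOMAIN):
    # Whole name or a true subdomain; "google.com" appearing as a prefix is not enough.
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Return (target host, reasons) for each suspicious link in an HTML message."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, reasons = host_of(href), []
        if not is_trusted(target):
            reasons.append("target outside trusted domain")
        shown_is_url = text.lower().startswith(("http://", "https://", "www."))
        if shown_is_url and host_of(text) != target:
            reasons.append("displayed URL differs from target")
        if reasons:
            findings.append((target, reasons))
    return findings

# Constructed sample message.
SAMPLE = ('<p>Your account will be closed. Verify at '
          '<a href="http://gmail.google.com.junk.ru/login">http://gmail.google.com/</a> or read '
          '<a href="https://mail.google.com/support/">the help page</a>.</p>')
```
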

Am I actually supposed to read all that?

Yeah I know it is long but trust me, you will wish you had read them after you find out your account has been accessed without your permission. The indented parts are quotes of some of the links I checked out myself. Very informative information by The “C” Man and Brett Carver! The rest of the info I found doing Google Searches and the links to those are listed at the top of the blog. Just be glad I did this searching for you! Or else it would take you longer than just reading this!

- K

Has your Gmail been compromised? :  http://wp.me/pQWLB-2v

6 Responses

  1. katiekabo0m

    All links on the blog are to give credit. However if you see something that you feel credit has not been given to, please comment here and I will edit and put the credit in. Some info shared here I got off the Google Help Forums but did not know where the info was originally obtained. I know it is hard to tell what is quoted as in this blog it only indents instead of putting in some kind of table but the paragraphs that are indented are the quotes and are not my own work.

    However the pictures are my own.

    January 21, 2011 at 11:40 pm

  2. Happened to me the second time.

    Now, both times I had a really decent password, randomly generated, just for Gmail.

    I use a Mac, and have a malware checker even though such stuff is rare on Macs.

    I don’t log in from public computers.

    So how the heck did they break into my Gmail? I mean, seriously, if a keylogger was involved surely they’d have been straight in to my bank account??

    I’m convinced there’s some basic flaw in Google’s login, somewhere. Of course, if this is true, the chances of Google ever admitting it was there even after they’ve fixed it is zero!

    February 15, 2011 at 9:29 am

    • katiekabo0m

      yeah I can’t figure out how they got in my account either but until Google verifies any holes or anyone else finds and proves it I don’t think we will ever know for sure. But many in the security field vouch that Gmail is very secure and really this type of thing has been happening to not just Gmail but also Yahoo, AOL, Hotmail, and a few other of the more common free web based emails. The spammers use dictionary attacks and password crackers and since you used a random password generator they could have just gotten lucky with their programs. That is why now they are saying that if an email client or login site lets you, put in symbols as well instead of just Capital and lower case letters and numbers. Sad thing is so many companies and web site hosts do not yet support this.

      Actually you should post what you have told me as well on https://www.google.com/support/forum/p/gmail/thread?tid=34cf3f6e6c2d3b87&hl=en as I am sure that bkc56, who I had gotten the majority of those quotes (indented parts) off of, will be able to expand on what I have said here. He is VERY informative in this area!

      To beat spammers .. well you can’t .. but to slow them down .. you have to work together with a bunch of like minded people, just like the spammers do.

      February 16, 2011 at 8:51 am

  3. You can beat spammers! Track them all down and beat them with a shovel ^^

    February 21, 2011 at 12:26 am

    • katiekabo0m

      Haha Kodiac, yeah I am sure you could find them too. ;) They use Proxies and “zombie botnets” (hijacked infected computers belonging to unknowing innocent computer users) and many other methods to prevent them from being tracked. Also using hijacked email accounts is another way they hide as they don’t want to use anything that will give away their real location.

      March 15, 2011 at 3:04 pm

  4. katiekabo0m

    Okay more info (originally meant for Proboard forums but I think it is relevant here):

    http://www.allseeingeyes.info/guide.html

    Crackers get hold of your passwords by gaining access to email via the security question,
    or by guessing the password of an admin or gmod, or running a scanner to do the same.
    Follow these guidelines :-

    1. Ensure your email password security question is not obvious (don’t have ‘my favourite football team’ then go talking about them non stop)
    2. You may want to change your email address / provider (the cracker may still have access to the old one)
    3. [On Forums:] Use the ‘Hide email’ option (if you want members to contact you, use one of the free ‘throwaway’ emails for public view)
    4. Make ANY passwords difficult (use upper and lower case letters, mixed with numbers)
    5. Use different passwords for each account.
    6. [On Forums:] Use different email for your main Admin account(s), and don’t make it public.
    7. Don’t let ANYONE know your passwords (if you make a note of them, keep them safe)
    8. If you share a computer/ computer account, don’t ‘let the computer remember password’
    9. [On Forums:] Tell your main staff to do the same (2nd Admin, and G Mods)
    10. [On Forums:] Don’t open links in PM’s, unless you know EXACTLY what it is.

    Credit goes to AllSeeingEyes

    March 17, 2011 at 7:27 am
