Technique Posted January 9, 2012 Share Posted January 9, 2012 I logged on to my Gmail account from a browser (i usually use Windows Live Mail installed on the desktop or my iPhone). I got a message saying they believe my account had been hacked. There were 2 entries from Japan & 1 from Slovenia. I'm from the UK. My password isn't even a real word. It's a mixture of letters & numbers, so i'm wondering: 1) If this is correct, then how will they have done this? 2) What are the chances of this being a false positive? Link to comment Share on other sites More sharing options...
mulligan2k Posted January 9, 2012 Share Posted January 9, 2012 I logged on to my Gmail account from a browser (i usually use Windows Live Mail installed on the desktop or my iPhone). I got a message saying they believe my account had been hacked. There were 2 entries from Japan & 1 from Slovenia. I'm from the UK. My password isn't even a real word. It's a mixture of letters & numbers, so i'm wondering: 1) If this is correct, then how will they have done this? 2) What are the chances of this being a false positive? regardless a password change is in order, any emails with bank details or anything like that in your inbox? would be worth double checking and changing if poss ps check sent mail too Link to comment Share on other sites More sharing options...
Xoligy Posted January 9, 2012 Share Posted January 9, 2012 Change your password in case but, it could of been you on your iphone. I know opera uses a foreign location even if your in the uk could even be another device you used or tor, proxy etc etc hard to say. Link to comment Share on other sites More sharing options...
Technique Posted January 9, 2012 Author Share Posted January 9, 2012 Yeah there's bank details in there. I've changed the password anyway & put on the 2 step method which says anyone hacking from a browser will also need my phone (no doubt someone has found a way around this though?!). Other devices (WLM & iPhone) also have been given a special password for using my account. Personally, i struggle to see how it could be my iPhone - as i've accessed my inbox many times with my iPhone, so why would it start showing up 2 random countries all of a sudden when for the past year or so that i've had the phone, it's been fine? Link to comment Share on other sites More sharing options...
Xoligy Posted January 9, 2012 Share Posted January 9, 2012 Like i said different browser being used, connection being routed for some reason you just dont know but always better to be safe than sorry seems there is alot of hacking going on at moment so not much is safe at all. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted January 9, 2012 MVC Share Posted January 9, 2012 "My password isn't even a real word. It's a mixture of letters & numbers, so i'm wondering:" And how long is it?? This is s mixture of letters and number "u2" Seems unlikely that anything you could use to connect from in the UK, would look like it came from japan? Unless you were using a proxy or tor or something? Doesnt' matter how long or complex your password was, if your box was compromised its possible they had a keylogger, etc. The key to what they are showing you is "if the activity does not look like yours" -- is it?? inetnum: 125.200.0.0 - 125.207.255.255 netname: OCN descr: NTT Communications Corporation descr: Open Computer Network inetnum: 92.37.0.0 - 92.37.7.255 descr: Amis descr: Dynamic IP pool ADSL inetnum: 180.0.0.0 - 180.63.255.255 netname: OCN descr: NTT Communications Corporation descr: Open Computer Network If these are not networks you would of been connecting through??? Proxy, Tor, VPN?? Then yeah someone else accessed your account! Link to comment Share on other sites More sharing options...
Technique Posted January 9, 2012 Author Share Posted January 9, 2012 My password is (or was) over 10 characters long. Proxy or tor <-- as i don't know what you're talking about, i'd say no i wasn't. box (router?) compromised - would this have to have come locally or could anyone in the world do this? There are security measures in place on this too, but i imagine any hacker worth their salt could get past this. No, that activity certainly doesn't look like mine at all. Link to comment Share on other sites More sharing options...
The_Decryptor Veteran Posted January 9, 2012 Veteran Share Posted January 9, 2012 ... I've changed the password anyway & put on the 2 step method which says anyone hacking from a browser will also need my phone (no doubt someone has found a way around this though?!). Other devices (WLM & iPhone) also have been given a special password for using my account. ... Well, there's no way around the 2 factor authentication Google use unless they've stolen your phone (unlikely), or the attackers have gotten access to the information used to setup the 2 factor authentication (You should have scanned a QR code with your phone, if they have that they can generate the required codes) They shouldn't be able to get access to that data though, so you should be safe (if it is actually attackers, and not just using a proxy) Link to comment Share on other sites More sharing options...
dancedar Posted January 9, 2012 Share Posted January 9, 2012 As you've 2-step authentication on this seems odd. Change passwords, cancel and re-do 2-step authentication and refresh your backup codes, them id suggest if you can forwarding email to another account and try not accessing this one for a few days and see what activity is logged. Theres also a sign out of all other sessions button some where. Click that. Link to comment Share on other sites More sharing options...
Technique Posted January 9, 2012 Author Share Posted January 9, 2012 As you've 2-step authentication on this seems odd. Change passwords, cancel and re-do 2-step authentication and refresh your backup codes, them id suggest if you can forwarding email to another account and try not accessing this one for a few days and see what activity is logged. Theres also a sign out of all other sessions button some where. Click that. I should've made it clearer i guess ... i've only just put on the 2-step security measure after finding this out today.I also clicked the button :) Link to comment Share on other sites More sharing options...
sc302 Veteran Posted January 9, 2012 Veteran Share Posted January 9, 2012 As budman stated, you could have been using a compromised computer with a keylogger on it (it could very well be yours). keylogger then sent your pw to somebot somewhere and it logged into your account using one of the many proxies it is configured with. just reset your password, nothing you can do at this point. If you don't change your passwords often you have a higher chance of being compromised by keyloggers. Even your double auth can get compromised if you don't change one of them often. I personally like the secure id key chain that the password changes once a minute. Link to comment Share on other sites More sharing options...
dancedar Posted January 9, 2012 Share Posted January 9, 2012 Very weird, check you're google.com/account settings and see if anything is authorised to access your account. Btw 2-step is also available for Facebook should you want to lock that down. Link to comment Share on other sites More sharing options...
ThePitt Posted January 9, 2012 Share Posted January 9, 2012 opera uses a foreign location Yea (opera phone), I knew this in the hard way and I wonder if there is a way to change this. Link to comment Share on other sites More sharing options...
TCA Posted January 9, 2012 Share Posted January 9, 2012 happened to me by someone on the verizon network in new york...then sent bogus emails with a virus to people. So I changed my password and deleted my contacts. After letting everyone know if they got an email from me not to open it because, i rarely send anything through email unless I have too Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted January 9, 2012 MVC Share Posted January 9, 2012 I recommend also never using use real answers on your password recovery security questions. I use roboform and sometimes sites only give you a few questions to choose from. Most are so ****ing stupid that anyone could look up. "Where were you born?" So for that answer I would use as an example 04mkpA6Sc. I then create a field in the roboform card file with that question and answer. I also periodically print out all the information. Link to comment Share on other sites More sharing options...
still1 Posted January 9, 2012 Share Posted January 9, 2012 Enable 2 step authentication on your Google account. so even if someone knows your password they wont be able to get in to your account. https://accounts.goo...0/SmsAuthConfig If you have Android or Iphone there is an app that gives you a passkey that you have to enter to access Google account even after entering the password. Link to comment Share on other sites More sharing options...
Genocide121 Posted January 11, 2012 Share Posted January 11, 2012 Can anybody tell me does Live mail account use 2 way verification........... If Yes then can i know the procedure.......... Thanks Link to comment Share on other sites More sharing options...
monkey13 Posted January 11, 2012 Share Posted January 11, 2012 My password isn't even a real word. It's a mixture of letters & numbers, so i'm wondering: xkcd to the rescue. This is not the best password. I know this won't be how it was hacked but I found this info useful. Link to comment Share on other sites More sharing options...
jmc777 Posted January 11, 2012 Share Posted January 11, 2012 Can anybody tell me does Live mail account use 2 way verification........... No. Link to comment Share on other sites More sharing options...
still1 Posted January 11, 2012 Share Posted January 11, 2012 Can anybody tell me does Live mail account use 2 way verification........... If Yes then can i know the procedure.......... Thanks No, there isnt any. Link to comment Share on other sites More sharing options...
Genocide121 Posted January 11, 2012 Share Posted January 11, 2012 No. No, there isnt any. Thanks Link to comment Share on other sites More sharing options...
Jason S. Global Moderator Posted January 11, 2012 Global Moderator Share Posted January 11, 2012 this happened to me twice last year. i thought my password was secure enough, but i guess not. since i use my gmail on several computers, any of them could have had a keylogger :unsure: anyway, i ended up changing my password twice - each time making it more complex. havent had the issue since. (update) since i was just reading this topic, i decided to try the 2-factor auth. why not, right? Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted January 11, 2012 MVC Share Posted January 11, 2012 ^ My Rule of thumb is never enter your password into someone elses computer. My Mom was recently at her friends house. She called me and had me remote in and do some work on that computer. She sent herself a test email message from her friends computer to her gmail account. She said, i'm going to log into my gmail account and see if I got the test message. I told her, I wouldn't. I wouldn't enter my password into that computer if you paid me. Computer could have been perfeclty fine, but no way to know. I also never enter or log into my account on my customer computers unless I just got done reformating the hard drive. Link to comment Share on other sites More sharing options...
The_Decryptor Veteran Posted January 12, 2012 Veteran Share Posted January 12, 2012 xkcd to the rescue. This is not the best password. I know this won't be how it was hacked but I found this info useful. This comic ignores the complexity of brute forcing a password, trying to break the password "z" would require 26 guesses at max, while "Z" requires 52 guesses (And "zZ" requires 2,704 guesses, etc.) Link to comment Share on other sites More sharing options...
monkey13 Posted January 13, 2012 Share Posted January 13, 2012 This comic ignores the complexity of brute forcing a password, trying to break the password "z" would require 26 guesses at max, while "Z" requires 52 guesses (And "zZ" requires 2,704 guesses, etc.) Not my area of expertise at all but I am reasonably sure that is what panel 2 is saying. There are 2^28possible guesses for that kind of password and could be guessed in 3 days at 1000 guess/sec See http://en.wikipedia....ssword_strength For info on this. Link to comment Share on other sites More sharing options...
Recommended Posts