Gmail account has been hacked. If so, how?


Recommended Posts

I logged on to my Gmail account from a browser (i usually use Windows Live Mail installed on the desktop or my iPhone). I got a message saying they believe my account had been hacked.

There were 2 entries from Japan & 1 from Slovenia. I'm from the UK.

My password isn't even a real word. It's a mixture of letters & numbers, so i'm wondering:

1) If this is correct, then how will they have done this?

2) What are the chances of this being a false positive?

post-37542-0-26552200-1326118112.jpg

Link to comment
Share on other sites

I logged on to my Gmail account from a browser (i usually use Windows Live Mail installed on the desktop or my iPhone). I got a message saying they believe my account had been hacked.

There were 2 entries from Japan & 1 from Slovenia. I'm from the UK.

My password isn't even a real word. It's a mixture of letters & numbers, so i'm wondering:

1) If this is correct, then how will they have done this?

2) What are the chances of this being a false positive?

regardless a password change is in order, any emails with bank details or anything like that in your inbox? would be worth double checking and changing if poss

ps

check sent mail too

Link to comment
Share on other sites

Change your password in case but, it could of been you on your iphone. I know opera uses a foreign location even if your in the uk could even be another device you used or tor, proxy etc etc hard to say.

Link to comment
Share on other sites

Yeah there's bank details in there.

I've changed the password anyway & put on the 2 step method which says anyone hacking from a browser will also need my phone (no doubt someone has found a way around this though?!). Other devices (WLM & iPhone) also have been given a special password for using my account.

Personally, i struggle to see how it could be my iPhone - as i've accessed my inbox many times with my iPhone, so why would it start showing up 2 random countries all of a sudden when for the past year or so that i've had the phone, it's been fine?

Link to comment
Share on other sites

Like i said different browser being used, connection being routed for some reason you just dont know but always better to be safe than sorry seems there is alot of hacking going on at moment so not much is safe at all.

Link to comment
Share on other sites

"My password isn't even a real word. It's a mixture of letters & numbers, so i'm wondering:"

And how long is it?? This is s mixture of letters and number "u2"

Seems unlikely that anything you could use to connect from in the UK, would look like it came from japan? Unless you were using a proxy or tor or something?

Doesnt' matter how long or complex your password was, if your box was compromised its possible they had a keylogger, etc.

The key to what they are showing you is "if the activity does not look like yours" -- is it??

inetnum: 125.200.0.0 - 125.207.255.255

netname: OCN

descr: NTT Communications Corporation

descr: Open Computer Network

inetnum: 92.37.0.0 - 92.37.7.255

descr: Amis

descr: Dynamic IP pool ADSL

inetnum: 180.0.0.0 - 180.63.255.255

netname: OCN

descr: NTT Communications Corporation

descr: Open Computer Network

If these are not networks you would of been connecting through??? Proxy, Tor, VPN?? Then yeah someone else accessed your account!

Link to comment
Share on other sites

My password is (or was) over 10 characters long.

Proxy or tor <-- as i don't know what you're talking about, i'd say no i wasn't.

box (router?) compromised - would this have to have come locally or could anyone in the world do this? There are security measures in place on this too, but i imagine any hacker worth their salt could get past this.

No, that activity certainly doesn't look like mine at all.

Link to comment
Share on other sites

...

I've changed the password anyway & put on the 2 step method which says anyone hacking from a browser will also need my phone (no doubt someone has found a way around this though?!). Other devices (WLM & iPhone) also have been given a special password for using my account.

...

Well, there's no way around the 2 factor authentication Google use unless they've stolen your phone (unlikely), or the attackers have gotten access to the information used to setup the 2 factor authentication (You should have scanned a QR code with your phone, if they have that they can generate the required codes)

They shouldn't be able to get access to that data though, so you should be safe (if it is actually attackers, and not just using a proxy)

Link to comment
Share on other sites

As you've 2-step authentication on this seems odd. Change passwords, cancel and re-do 2-step authentication and refresh your backup codes, them id suggest if you can forwarding email to another account and try not accessing this one for a few days and see what activity is logged. Theres also a sign out of all other sessions button some where. Click that.

Link to comment
Share on other sites

As you've 2-step authentication on this seems odd. Change passwords, cancel and re-do 2-step authentication and refresh your backup codes, them id suggest if you can forwarding email to another account and try not accessing this one for a few days and see what activity is logged. Theres also a sign out of all other sessions button some where. Click that.

I should've made it clearer i guess ... i've only just put on the 2-step security measure after finding this out today.

I also clicked the button :)

Link to comment
Share on other sites

As budman stated, you could have been using a compromised computer with a keylogger on it (it could very well be yours). keylogger then sent your pw to somebot somewhere and it logged into your account using one of the many proxies it is configured with.

just reset your password, nothing you can do at this point. If you don't change your passwords often you have a higher chance of being compromised by keyloggers. Even your double auth can get compromised if you don't change one of them often. I personally like the secure id key chain that the password changes once a minute.

Link to comment
Share on other sites

Very weird, check you're google.com/account settings and see if anything is authorised to access your account. Btw 2-step is also available for Facebook should you want to lock that down.

Link to comment
Share on other sites

happened to me by someone on the verizon network in new york...then sent bogus emails with a virus to people. So I changed my password and deleted my contacts. After letting everyone know if they got an email from me not to open it because, i rarely send anything through email unless I have too

Link to comment
Share on other sites

I recommend also never using use real answers on your password recovery security questions. I use roboform and sometimes sites only give you a few questions to choose from. Most are so ****ing stupid that anyone could look up. "Where were you born?" So for that answer I would use as an example 04mkpA6Sc. I then create a field in the roboform card file with that question and answer. I also periodically print out all the information.

Link to comment
Share on other sites

My password isn't even a real word. It's a mixture of letters & numbers, so i'm wondering:

xkcd to the rescue. This is not the best password. I know this won't be how it was hacked but I found this info useful.

password_strength.png

Link to comment
Share on other sites

this happened to me twice last year. i thought my password was secure enough, but i guess not. since i use my gmail on several computers, any of them could have had a keylogger :unsure:

anyway, i ended up changing my password twice - each time making it more complex. havent had the issue since.

(update) since i was just reading this topic, i decided to try the 2-factor auth. why not, right?

Link to comment
Share on other sites

^ My Rule of thumb is never enter your password into someone elses computer. My Mom was recently at her friends house. She called me and had me remote in and do some work on that computer. She sent herself a test email message from her friends computer to her gmail account. She said, i'm going to log into my gmail account and see if I got the test message. I told her, I wouldn't. I wouldn't enter my password into that computer if you paid me. Computer could have been perfeclty fine, but no way to know.

I also never enter or log into my account on my customer computers unless I just got done reformating the hard drive.

Link to comment
Share on other sites

xkcd to the rescue. This is not the best password. I know this won't be how it was hacked but I found this info useful.

password_strength.png

This comic ignores the complexity of brute forcing a password, trying to break the password "z" would require 26 guesses at max, while "Z" requires 52 guesses (And "zZ" requires 2,704 guesses, etc.)

Link to comment
Share on other sites

This comic ignores the complexity of brute forcing a password, trying to break the password "z" would require 26 guesses at max, while "Z" requires 52 guesses (And "zZ" requires 2,704 guesses, etc.)

Not my area of expertise at all but I am reasonably sure that is what panel 2 is saying. There are 2^28possible guesses for that kind of password and could be guessed in 3 days at 1000 guess/sec

See http://en.wikipedia....ssword_strength For info on this.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.