Gmail account hacked...

Discussion in 'OT (OFF Topic) Forums' started by renault12ts, Jun 21, 2011.

  1. renault12ts

    renault12ts MB Club Veteran

    Messages:
    15,785
    Joined:
    Mar 5, 2009
    Car:
    2005 W215 CL500.
    ...as some of you may know, my Google mail account was hacked today, meaning that a strange email with a potentially malicious link was sent to anybody on my mailing list.

    My question is, how can this happen? And how I can I prevent it happening again, given that I have AVG protection?
     
  2. stevieb15

    stevieb15 Hardcore MB Enthusiast

    Messages:
    868
    Joined:
    Feb 28, 2009
    Location:
    west sussex
    Car:
    98 sl 500, 90 w126 500se, 03 CLK 320 Convertible, 90 W124 CE300
    Sorry to hear that, its very disturbing.
    Something similar happened with my hotmail account, I just cancelled it and started anew
     
  3. stevieb15

    stevieb15 Hardcore MB Enthusiast

    Messages:
    868
    Joined:
    Feb 28, 2009
    Location:
    west sussex
    Car:
    98 sl 500, 90 w126 500se, 03 CLK 320 Convertible, 90 W124 CE300
    sorry duplicated
     
  4. LTD

    LTD MB Club Veteran

    Messages:
    5,442
    Joined:
    May 21, 2009
    Location:
    Planet Earth
    Car:
    Yep, one of THOSE !!!
    I got a strange email from *** today.

    I thought it contained a virus at first until I realised that the image was of a beach with blue sky.
     
  5. silver_star

    silver_star Hardcore MB Enthusiast

    Messages:
    212
    Joined:
    Dec 10, 2010
    Location:
    Leicestershire, England, 3rd Rock From The Sun
    Car:
    W203 C220CDI Auto Elegance
    Do you only log onto the account from 1 PC?

    I would get the password changed ASAP for a strong one. Run a full A/V and malware scan. Also for belt and braces run a mcaffe online scan and sophos anti-root kit then delete all the temp files on your computer,, use a utility like ccleaner.
     
  6. NOMONEYBUTAMERC

    NOMONEYBUTAMERC Hardcore MB Enthusiast

    Messages:
    1,126
    Joined:
    Aug 27, 2010
    Location:
    Weston super Mare
    Car:
    BMW X1 . Porsche 968 Boxster
    Had similar experience last year. hijacked by a company in China , who e-mailed all my contact list , telling them how delighted i was with my new computer. Changed to a stronger password , and asked hotmail NOT to remember it. Bit of a pain entering password each time, but no further problems.
     
  7. OP
    OP
    renault12ts

    renault12ts MB Club Veteran

    Messages:
    15,785
    Joined:
    Mar 5, 2009
    Car:
    2005 W215 CL500.
    That's like mine. My brother rang me and asked if I was enjoying my new laptop.
     
  8. NOMONEYBUTAMERC

    NOMONEYBUTAMERC Hardcore MB Enthusiast

    Messages:
    1,126
    Joined:
    Aug 27, 2010
    Location:
    Weston super Mare
    Car:
    BMW X1 . Porsche 968 Boxster
    Fortunately my friends knew it was not sent from me since i know naff all about computers!
     
  9. Cabe

    Cabe Hardcore MB Enthusiast

    Messages:
    478
    Joined:
    Jul 29, 2010
    Location:
    Portsmouth
    Car:
    W202 C220 CDI
    Not a victim of the (sadly many) Lulzsec security breaches? Most notoriously the PSN databases.
     
  10. Nik_Endeavour

    Nik_Endeavour Hardcore MB Enthusiast

    Messages:
    575
    Joined:
    Apr 20, 2007
    Location:
    Bristol
    Car:
    Mercedes-less at the moment
    It could be also a virus on your computer. The are called worms and infect your PC (and it will send itself to all contacts). Especially if you gmail that is accessed from a mail program (outlook, thunderbird).

    Also it might be that your account has not been hacked at all but you have been victim of spoofing. i.e email are generated at random and it will hit a real one (i.e john.smith@gmail.com) which will email a blanket list of random emails which some are real but spoofing as if it came from your address. The ones that click on the link and then reply are shown as real email and saved. They then reply to you and you are infected, which then the worm copies itself to you address book and email all addresses.

    In very broad lines that is what might have happened. The sad thing is that you cannot do much about it apart from notify google and never ever click on that link of naked pictures of Anna Kurnikova (from an episode of Friends)
     
  11. Ted

    Ted MB Club Veteran

    Messages:
    5,645
    Joined:
    Feb 26, 2004
    Location:
    Bourton on Dunsmore
    Car:
    SLC 250D AMG Line, Yamaha XVS 1100, Jeep Renegade


    So THAT's why I get all of my viruses!
     
  12. E CLASS

    E CLASS Hardcore MB Enthusiast

    Messages:
    413
    Joined:
    Oct 16, 2008
    Nuke your machine and reinstall everything a fresh.
     
  13. Sp!ke

    Sp!ke Administrator Staff Member

    Messages:
    12,234
    Joined:
    Jun 2, 2002
    Location:
    West London
    Car:
    SL500 & The Fart Car
    Before assuming your PC was compromised, how secure was your GNail password?

    Since Google's Recaptcha is no longer effective, dictionary password attacks are highly likely.
     
  14. OP
    OP
    renault12ts

    renault12ts MB Club Veteran

    Messages:
    15,785
    Joined:
    Mar 5, 2009
    Car:
    2005 W215 CL500.
    My password (since changed) was an alpha/numeric one.
     
  15. lancebond

    lancebond Hardcore MB Enthusiast

    Messages:
    431
    Joined:
    Jul 17, 2010
    Location:
    Newcastle
    Car:
    S203 C220 CDI
    needs to be a long one, anything less than seven or eight digits can be cracked within a reasonable time.
     
  16. Spinal

    Spinal Hardcore MB Enthusiast

    Messages:
    4,793
    Joined:
    Sep 14, 2004
    Location:
    Uxbridge
    Car:
    Smart, S320 and C180 with 3-pointed stars amongst others
    I'd love to know how you can crack a gmail password of 4-6 characters in "a reasonable time"...

    Given that gmail has timeouts and captcha's, trying even a 4-character password would take more than a lifetime to brute force. (about 80 possible characters, so 80^4 = 40 960 000. Iirc, gmail has a delay of 24 hours after 10 failed attempts, so 409600 days to brute force a 4-character password).

    I reckon that it's one of 4 options:
    1. either your address was spoofed (very unlikely if they mailed your contacts - they would need to know your address book),
    2. you have malware on your machine that used your address book or skimmed your password
    3. you fell prey to a phishing/spoofing attack, and typed your password into a fake site
    4. you use the same password for multiple systems, and one of the other systems' databases has been hacked (PSN?)


    M.
     
  17. Harrythedog

    Harrythedog Hardcore MB Enthusiast

    Messages:
    1,936
    Joined:
    May 8, 2011
    Location:
    Tynemouth
    Car:
    GLC 250 Sport Premium+
    Thought I'd pass on a top tip a got a few years ago. As most email virus's? enter your computer unknown I was told to set up a false email address in my contacts book. If the "virus" tries to contact your addresses a message will appear in your inbox stating that the message to your false address has failed thus you'll know something is untoward. Hope that made sense
     
  18. martin_a

    martin_a Hardcore MB Enthusiast

    Messages:
    550
    Joined:
    Mar 31, 2010
    Location:
    Scotland
    Car:
    C200
    Are you using AVG Free?

    Slight issue there is that is doesn't always update as quickly as paid one. Usually once a week where a subscribed service will update as soon as a threat is identified and block worked out. The free one can give you 6 days of possible time when a wrong click could compromise your machine.

    The other issue is it could be through a forum or something you use. A lot of people use the same password for logging into a site that they use for everything else so you collect the password there it unlocks everything else.

    m.
     
  19. Sp!ke

    Sp!ke Administrator Staff Member

    Messages:
    12,234
    Joined:
    Jun 2, 2002
    Location:
    West London
    Car:
    SL500 & The Fart Car
    Captcha is broken - there are freely available scripts that can bypass it.
     
  20. Spinal

    Spinal Hardcore MB Enthusiast

    Messages:
    4,793
    Joined:
    Sep 14, 2004
    Location:
    Uxbridge
    Car:
    Smart, S320 and C180 with 3-pointed stars amongst others
    To a certain extent - it depends on who makes the captcha, and how complex it is. Some of the captcha's out there are problematic even for a human to interpret...

    None-the-less, even without a captcha, the timeouts cannot be bypassed by a script...

    M.

    P.S. I did see an interesting method around captchas - "artificial artificial intelligence"... i.e. post the captcha to a third party, e.g. amazon's answers thing, or as an access requirement each time you log into a porn site... then you get a human to interpret it for your script... quite a nice solution really!
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.