Gmail account hacked...

renault12ts

MB Club Veteran
Joined
Mar 5, 2009
Messages
16,284
Car
2005 W215 CL500.
...as some of you may know, my Google mail account was hacked today, meaning that a strange email with a potentially malicious link was sent to anybody on my mailing list.

My question is, how can this happen? And how I can I prevent it happening again, given that I have AVG protection?
 

stevieb15

Active Member
Joined
Feb 28, 2009
Messages
868
Location
west sussex
Car
98 sl 500, 90 w126 500se, 03 CLK 320 Convertible, 90 W124 CE300
Sorry to hear that, its very disturbing.
Something similar happened with my hotmail account, I just cancelled it and started anew
 

LTD

MB Enthusiast
SUPPORTER
Joined
May 21, 2009
Messages
5,634
Location
Planet Earth
Car
Yep, one of THOSE !!!
I got a strange email from *** today.

I thought it contained a virus at first until I realised that the image was of a beach with blue sky.
 

silver_star

Active Member
Joined
Dec 10, 2010
Messages
212
Location
Leicestershire, England, 3rd Rock From The Sun
Car
W203 C220CDI Auto Elegance
Do you only log onto the account from 1 PC?

I would get the password changed ASAP for a strong one. Run a full A/V and malware scan. Also for belt and braces run a mcaffe online scan and sophos anti-root kit then delete all the temp files on your computer,, use a utility like ccleaner.
 

NOMONEYBUTAMERC

MB Enthusiast
SUPPORTER
Joined
Aug 27, 2010
Messages
1,216
Location
Weston super Mare
Car
BMW X1 . Porsche 968 Boxster
Had similar experience last year. hijacked by a company in China , who e-mailed all my contact list , telling them how delighted i was with my new computer. Changed to a stronger password , and asked hotmail NOT to remember it. Bit of a pain entering password each time, but no further problems.
 
OP
OP
R

renault12ts

MB Club Veteran
Joined
Mar 5, 2009
Messages
16,284
Car
2005 W215 CL500.
Had similar experience last year. hijacked by a company in China , who e-mailed all my contact list , telling them how delighted i was with my new computer. Changed to a stronger password , and asked hotmail NOT to remember it. Bit of a pain entering password each time, but no further problems.
That's like mine. My brother rang me and asked if I was enjoying my new laptop.
 

Cabe

Active Member
Joined
Jul 29, 2010
Messages
478
Location
Portsmouth
Car
W202 C220 CDI
Not a victim of the (sadly many) Lulzsec security breaches? Most notoriously the PSN databases.
 

Nik_Endeavour

Active Member
Joined
Apr 20, 2007
Messages
573
Location
Bristol
Car
Mercedes-less at the moment
It could be also a virus on your computer. The are called worms and infect your PC (and it will send itself to all contacts). Especially if you gmail that is accessed from a mail program (outlook, thunderbird).

Also it might be that your account has not been hacked at all but you have been victim of spoofing. i.e email are generated at random and it will hit a real one (i.e john.smith@gmail.com) which will email a blanket list of random emails which some are real but spoofing as if it came from your address. The ones that click on the link and then reply are shown as real email and saved. They then reply to you and you are infected, which then the worm copies itself to you address book and email all addresses.

In very broad lines that is what might have happened. The sad thing is that you cannot do much about it apart from notify google and never ever click on that link of naked pictures of Anna Kurnikova (from an episode of Friends)
 

Sp!ke

Administrator
Joined
Jun 2, 2002
Messages
11,968
Location
West London
Car
SL500 & The Fart Car
Before assuming your PC was compromised, how secure was your GNail password?

Since Google's Recaptcha is no longer effective, dictionary password attacks are highly likely.
 
OP
OP
R

renault12ts

MB Club Veteran
Joined
Mar 5, 2009
Messages
16,284
Car
2005 W215 CL500.
Before assuming your PC was compromised, how secure was your GNail password?

Since Google's Recaptcha is no longer effective, dictionary password attacks are highly likely.
My password (since changed) was an alpha/numeric one.
 

lancebond

Active Member
Joined
Jul 17, 2010
Messages
431
Location
Newcastle
Car
S203 C220 CDI
needs to be a long one, anything less than seven or eight digits can be cracked within a reasonable time.
 

Spinal

MB Enthusiast
Joined
Sep 14, 2004
Messages
4,790
Location
Uxbridge
Car
Smart, S320 and C180 with 3-pointed stars amongst others
needs to be a long one, anything less than seven or eight digits can be cracked within a reasonable time.
I'd love to know how you can crack a gmail password of 4-6 characters in "a reasonable time"...

Given that gmail has timeouts and captcha's, trying even a 4-character password would take more than a lifetime to brute force. (about 80 possible characters, so 80^4 = 40 960 000. Iirc, gmail has a delay of 24 hours after 10 failed attempts, so 409600 days to brute force a 4-character password).

I reckon that it's one of 4 options:
1. either your address was spoofed (very unlikely if they mailed your contacts - they would need to know your address book),
2. you have malware on your machine that used your address book or skimmed your password
3. you fell prey to a phishing/spoofing attack, and typed your password into a fake site
4. you use the same password for multiple systems, and one of the other systems' databases has been hacked (PSN?)


M.
 

Harrythedog

MB Enthusiast
SUPPORTER
Joined
May 8, 2011
Messages
2,230
Location
Tynemouth
Car
GLC 250 Sport Premium+
Thought I'd pass on a top tip a got a few years ago. As most email virus's? enter your computer unknown I was told to set up a false email address in my contacts book. If the "virus" tries to contact your addresses a message will appear in your inbox stating that the message to your false address has failed thus you'll know something is untoward. Hope that made sense
 

martin_a

Active Member
Joined
Mar 31, 2010
Messages
550
Location
Scotland
Car
C200
Are you using AVG Free?

Slight issue there is that is doesn't always update as quickly as paid one. Usually once a week where a subscribed service will update as soon as a threat is identified and block worked out. The free one can give you 6 days of possible time when a wrong click could compromise your machine.

The other issue is it could be through a forum or something you use. A lot of people use the same password for logging into a site that they use for everything else so you collect the password there it unlocks everything else.

m.
 

Sp!ke

Administrator
Joined
Jun 2, 2002
Messages
11,968
Location
West London
Car
SL500 & The Fart Car
I'd love to know how you can crack a gmail password of 4-6 characters in "a reasonable time"...

Given that gmail has timeouts and captcha's,
Captcha is broken - there are freely available scripts that can bypass it.
 

Spinal

MB Enthusiast
Joined
Sep 14, 2004
Messages
4,790
Location
Uxbridge
Car
Smart, S320 and C180 with 3-pointed stars amongst others
Captcha is broken - there are freely available scripts that can bypass it.
To a certain extent - it depends on who makes the captcha, and how complex it is. Some of the captcha's out there are problematic even for a human to interpret...

None-the-less, even without a captcha, the timeouts cannot be bypassed by a script...

M.

P.S. I did see an interesting method around captchas - "artificial artificial intelligence"... i.e. post the captcha to a third party, e.g. amazon's answers thing, or as an access requirement each time you log into a porn site... then you get a human to interpret it for your script... quite a nice solution really!
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Top Bottom