Gmail account hacked...


renault12ts

...as some of you may know, my Google mail account was hacked today, meaning that a strange email with a potentially malicious link was sent to anybody on my mailing list.

My question is, how can this happen? And how can I prevent it happening again, given that I have AVG protection?
 
Sorry to hear that, it's very disturbing.
Something similar happened with my Hotmail account; I just cancelled it and started anew.
 
I got a strange email from *** today.

I thought it contained a virus at first until I realised that the image was of a beach with blue sky.
 
Do you only log onto the account from 1 PC?

I would get the password changed ASAP for a strong one. Run a full A/V and malware scan. Also, for belt and braces, run a McAfee online scan and Sophos anti-rootkit, then delete all the temp files on your computer; use a utility like CCleaner.
 
Had similar experience last year. Hijacked by a company in China, who e-mailed all my contact list, telling them how delighted I was with my new computer. Changed to a stronger password, and asked Hotmail NOT to remember it. Bit of a pain entering password each time, but no further problems.
 
Had similar experience last year. Hijacked by a company in China, who e-mailed all my contact list, telling them how delighted I was with my new computer. Changed to a stronger password, and asked Hotmail NOT to remember it. Bit of a pain entering password each time, but no further problems.

That's like mine. My brother rang me and asked if I was enjoying my new laptop.
 
Not a victim of the (sadly many) Lulzsec security breaches? Most notoriously the PSN databases.
 
It could also be a virus on your computer. They are called worms and infect your PC (and it will send itself to all contacts). Especially if your Gmail is accessed from a mail program (Outlook, Thunderbird).

Also it might be that your account has not been hacked at all but you have been a victim of spoofing, i.e. emails are generated at random and one will hit a real one (i.e. [email protected]), which will email a blanket list of random emails, some of which are real, but spoofing as if it came from your address. The ones that click on the link and then reply are shown as real emails and saved. They then reply to you and you are infected, and then the worm copies itself to your address book and emails all addresses.

In very broad lines that is what might have happened. The sad thing is that you cannot do much about it apart from notify Google and never ever click on that link of naked pictures of Anna Kournikova (from an episode of Friends).
 
Before assuming your PC was compromised, how secure was your Gmail password?

Since Google's reCAPTCHA is no longer effective, dictionary password attacks are highly likely.
 
Before assuming your PC was compromised, how secure was your Gmail password?

Since Google's reCAPTCHA is no longer effective, dictionary password attacks are highly likely.

My password (since changed) was an alpha/numeric one.
 
Needs to be a long one; anything less than seven or eight digits can be cracked within a reasonable time.
 
Needs to be a long one; anything less than seven or eight digits can be cracked within a reasonable time.

I'd love to know how you can crack a Gmail password of 4-6 characters in "a reasonable time"...

Given that Gmail has timeouts and captchas, trying even a 4-character password would take more than a lifetime to brute force. (about 80 possible characters, so 80^4 = 40 960 000. IIRC, Gmail has a delay of 24 hours after 10 failed attempts, so 409600 days to brute force a 4-character password).

I reckon that it's one of 4 options:
1. either your address was spoofed (very unlikely if they mailed your contacts - they would need to know your address book),
2. you have malware on your machine that used your address book or skimmed your password
3. you fell prey to a phishing/spoofing attack, and typed your password into a fake site
4. you use the same password for multiple systems, and one of the other systems' databases has been hacked (PSN?)


M.
 
Thought I'd pass on a top tip I got a few years ago. As most email viruses? enter your computer unknown, I was told to set up a false email address in my contacts book. If the "virus" tries to contact your addresses, a message will appear in your inbox stating that the message to your false address has failed, thus you'll know something is untoward. Hope that made sense.
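The decoy-contact tip above can be checked automatically. This is an added example, not part of the original post: it parses a bounce message (an RFC 3464 delivery status notification) and reports whether the failed recipient is the decoy. The address `zz-canary@example.invalid` and the sample bounce are constructed for illustration.

```python
import email

CANARY = "zz-canary@example.invalid"  # hypothetical decoy contact

# Constructed sample bounce (RFC 3464 delivery status notification).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mail.example.invalid
To: owner@example.invalid
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to the following recipient failed permanently.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.invalid

Final-Recipient: rfc822; zz-canary@example.invalid
Action: failed
Status: 5.1.1

--b1--
"""

def failed_recipients(raw: str) -> list[str]:
    """Return addresses a bounce reports with Action: failed."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        return []  # ordinary mail, not a delivery status notification
    failed = []
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        if not part.is_multipart():
            continue  # malformed status part with no header blocks
        # The parser exposes each header block of the status part as a sub-message.
        for block in part.get_payload():
            recipient = block.get("Final-Recipient")
            action = (block.get("Action") or "").strip().lower()
            if recipient and action == "failed":
                failed.append(recipient.split(";", 1)[-1].strip().lower())
    return failed

def canary_tripped(raw: str, canary: str = CANARY) -> bool:
    return canary.lower() in failed_recipients(raw)
```

A bounce for the decoy only shows that something mailed the whole address book; it does not say whether the cause was malware on the PC or a stolen password.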
 
Are you using AVG Free?

Slight issue there is that it doesn't always update as quickly as the paid one. Usually once a week, where a subscribed service will update as soon as a threat is identified and a block worked out. The free one can give you 6 days of possible time when a wrong click could compromise your machine.

The other issue is it could be through a forum or something you use. A lot of people use the same password for logging into a site that they use for everything else, so if you collect the password there it unlocks everything else.

m.
 
I'd love to know how you can crack a Gmail password of 4-6 characters in "a reasonable time"...

Given that Gmail has timeouts and captchas,

Captcha is broken - there are freely available scripts that can bypass it.
 
Captcha is broken - there are freely available scripts that can bypass it.

To a certain extent - it depends on who makes the captcha, and how complex it is. Some of the captchas out there are problematic even for a human to interpret...

Nonetheless, even without a captcha, the timeouts cannot be bypassed by a script...

M.

P.S. I did see an interesting method around captchas - "artificial artificial intelligence"... i.e. post the captcha to a third party, e.g. Amazon's answers thing, or as an access requirement each time you log into a porn site... then you get a human to interpret it for your script... quite a nice solution really!
 
