PDA

View Full Version : So someone has been onto my gmail :(



xyz823
13-03-2012, 07:59 AM
http://i.imgur.com/exOYA.png

http://i.imgur.com/TFail.png

I've changed my password, I don't use that pass for anything else so should that be fine? How would they even access it?

8ftmetalhaed
13-03-2012, 08:17 AM
I'd be interested to know how myself. I don't think bruteforcing a password is possible is it? Doesn't gmail lock it after a few attempts?

pctek
13-03-2012, 09:49 AM
65.55.41.15 col0-pas-wn3.col0.hotmail.com

fred_fish
13-03-2012, 09:59 AM
Yep. all those IP's belong to hotmail.
Someone has configured a hotmail account to POP your gmail and presumably send via it as well.
Do / did you have a hotmail as well?

1101
13-03-2012, 10:18 AM
Our work gmail a/c was hacked as well. Its only a a/c for junk so no biggie

I have to wonder just whats going on . Password had 4 numbers & letters, no real words, so couldnt have been guessed in a dictionary type attack.

The other thing I've seen with hacked webmail a/c's is... (both gmail & yahoomail)
-the pass wasnt changed by the hacker: this doesnt make sense . Allows the owner to then change the pass.
-b8gger all was sent out on that hacked a/c,only a dozen or so spam?? why so few ??
-the only recipients of these spams from hacked a/c were the adresses saved in that gmail/yahoo a/c

??

Nhashon
13-03-2012, 10:35 AM
darkstar09 - i recommend u to change your email service provider to some other email service - like a hotmail or maybe yahoo , i would go for hotmail since it's a better higher in protection from spam and unwanted access . I have seen myself , gmail get lots of attacks from hackers and i believe it still is , and i hope you don't have bank statements , and other personal info stored in your inbox or other places , because viruses can grab those info which then you can probably become a cybercrime victim . Thats my opinon but yeah it's your choice .

xyz823
13-03-2012, 10:50 AM
Yep. all those IP's belong to hotmail.
Someone has configured a hotmail account to POP your gmail and presumably send via it as well.
Do / did you have a hotmail as well?

I did but stopped using it around 8 months ago after Microsoft blocked access to my account because of "Spamming" from my account. I was unable to regain access to it as they required I enter a mobile number to recieve a text for verification, entered my cell details multiple times but never got any texts. I gave up on that account and created a gmail which I then used for emails and Windows Live Messenger (MSN) though the Windows Live Credentials thing, but then that somehow got blocked by MS as well so I gave up on them completely.

Different passwords for them all.

So far this morning, I'm the only one to have accessed the account.

Around 700 emails were sent out, 282 bounced back and all were sent to random addresses.

mikebartnz
13-03-2012, 11:21 AM
darkstar09 - i recommend u to change your email service provider to some other email service - like a hotmail or maybe yahoo , i would go for hotmail since it's a better higher in protection from spam and unwanted access . I have seen myself , gmail get lots of attacks from hackers and i believe it still is , and i hope you don't have bank statements , and other personal info stored in your inbox or other places , because viruses can grab those info which then you can probably become a cybercrime victim . Thats my opinon but yeah it's your choice .
If you really think Hotmail does any better you don't live in the real world.
Unless it has changed Yahoo's spam protection is absolute crap.
As pctech has said it is a Hotmail account that is doing the spamming.
I don't think you really know what you are talking about.

Erayd
13-03-2012, 11:22 AM
Our work gmail a/c was hacked as well. Its only a a/c for junk so no biggie

I have to wonder just whats going on . Password had 4 numbers & letters, no real words, so couldnt have been guessed in a dictionary type attack.Usually this means you've logged into it from something with a keylogger, and they got your password that way. The best defense against this is to turn on two-factor authentication; that way even if someone obtains your password they still can't get into your account.


The pass wasnt changed by the hacker: this doesnt make sense . Allows the owner to then change the pass.Many people don't notice their account has been compromised - if their password gets changed, then they notice they're locked out. If it isn't changed, whoever else is using it can continue to do so as long as they're not noticed.


b8gger all was sent out on that hacked a/c,only a dozen or so spam?? why so few ?? Reduces the chances of them being noticed by either you or Google's spam filters.


the only recipients of these spams from hacked a/c were the adresses saved in that gmail/yahoo a/c Known valid contacts who are more likely to treat mail from you as valid, rather than send it straight to the junk folder. This technique also reduces the chance of Google's spam filters catching them.

mikebartnz
13-03-2012, 11:24 AM
I did but stopped using it around 8 months ago after Microsoft blocked access to my account because of "Spamming" from my account. I was unable to regain access to it as they required I enter a mobile number to recieve a text for verification, entered my cell details multiple times but never got any texts. I gave up on that account and created a gmail which I then used for emails and Windows Live Messenger (MSN) though the Windows Live Credentials thing, but then that somehow got blocked by MS as well so I gave up on them completely.

Different passwords for them all.

So far this morning, I'm the only one to have accessed the account.

Around 700 emails were sent out, 282 bounced back and all were sent to random addresses.
Can you have a look at account activity to see who has actually been doing the spamming.

sahilcc7
13-03-2012, 10:58 PM
darkstar09 - i recommend u to change your email service provider to some other email service - like a hotmail or maybe yahoo , i would go for hotmail since it's a better higher in protection from spam and unwanted access . I have seen myself , gmail get lots of attacks from hackers and i believe it still is , and i hope you don't have bank statements , and other personal info stored in your inbox or other places , because viruses can grab those info which then you can probably become a cybercrime victim . Thats my opinon but yeah it's your choice .

Interesting that, my friends hotmail was sending out spamming emails as darkstar said. Was hacked. Got it back in the end but security is rubbish IMO.

pctek
14-03-2012, 06:47 AM
i recommend u to change your email service provider to some other email service - like a hotmail , i would go for hotmail since it's a better higher in protection from spam and unwanted access

You what??!!! Hotmail is the pits, it's a spam magnet for one thing.

nedkelly
14-03-2012, 10:26 AM
Darkstar, reset the password and then enable 2-step account verification.
When the account is accessed on a new computer you get a text sent to your phone telling you a code to enter, and for pop and other applications you can assign them a specific password seeing as you cant get the webpage to enter the code in in outlook and other apps.
I have done it and very glad I did.

fred_fish
14-03-2012, 11:07 AM
And then google has your phone number to link to your profile, share with all their other services & any third parties they deem necessary, and publish along with all your other info and contacts and pics the next time they introduce a shiny new service ... nice!

nedkelly
14-03-2012, 11:17 AM
Not part of your profile, its part of the background services, and I have not had anything apart from google codes texted to me.

Agent_24
14-03-2012, 11:40 AM
hahahahahahaahahaha!

It's still Google, and they still have your number.

Erayd
14-03-2012, 11:43 AM
You also don't have to provide a phone number - if you have a smartphone, you can use their authenticator app instead. This also has the bonus of not needing cellphone coverage or an internet connection to work (although you'll obviously need a net connection on whatever device you're using to do your email).

caffy
14-03-2012, 12:43 PM
You also don't have to provide a phone number - if you have a smartphone, you can use their authenticator app instead. This also has the bonus of not needing cellphone coverage or an internet connection to work (although you'll obviously need a net connection on whatever device you're using to do your email).

+1

xyz823
14-03-2012, 01:04 PM
Passwords been changed and 2 step authentication setup. Should solve any issues.