Gmail account hacked

Printer-friendly version

Author: 

Taxonomy upgrade extras: 

Some time early Sunday morning someone managed to get into my Gmail account and spam everybody in my (somewhat extensive) contacts list. If you got one, please delete it.

I discovered it this morning when I could not get into my account. They had changed the password. I went through the password recovery and got control of the account back.

When I was able to get back into the account there was a message from Google that the account had been accessed from China and if it wasn't me that I should change my password.

Well, guys, I understand that they are trying to be on top of things, but it seems to me a bit stupid. Obviously they are keeping track of the accessing IP address. So they figured that in the five hours since I had last accessed the account that I had traveled to China and logged back in?

Anyway, I think the problem is solved. If you received spam from me, I'm sorry.

Janet

Comments

Passwords

If you're like me and use the same password everywhere....

(yes I know this is stupid) You may want to change your passwords for other services as well. Also ask yourself how did they get your password. Do you have a trojan, did you visit a phishing site?

Dayna.

Phishing

I recently got a phishing spam trying to get me to send them all my particulars for the account. There's a lot of bad stuff going on. Annoyingly, when I got the message, I couldn't find the "Report Phishing" option in Gmail. I found it now, but it's probably too late to do any good.

Password Managers

I have a great memory for recalling useless trivia, but oodles of passwords? Nope! It gets worse when I have passwords for two different systems at work that have to be changed every 28 days (with no previous passwords allowed to be recycled). I have a strategy in place for those passwords, but for general web passwords I've discovered the delights of a password manager.

Once you've installed the password manager, you log into it with one (universal) password, then are able to access the passwords for everything else. Obviously you need to make your password manager password pretty darn secure (and memorable!); but once installed you can reset your passwords to other sites to strong passwords (e.g. ^jyv%ijfU%4!32@R0& (N.B. I've just auto-generated that on-the-fly) - no-one in their right minds would be able to remember or guess that!).
Depending on the password manager you use, passwords are either stored encrypted on your computer (for use on that computer only) or on a central server (useful if you 'roam'). Needless to say, they tend to use very strong encryption methods.

 

Bike Resources

There are 10 kinds of people in the world - those who understand binary and those who don't...

As the right side of the brain controls the left side of the body, then only left-handers are in their right mind!

Gmail

Informed me that there had been an attempt to get into my account... but I'm not really worried. When it comes to password security, I'm really geeky.

I use a rotating encryption cipher over 17 different passwords that are a minimum of 11 characters long and use lower case, upper case, numbers, special characters and ASCII code. When I contacted Google, they said there had been something like 250 attempts to login to my account from Asia that all failed. They then congratulated me on my "strong" password protection.

Passwords

erin's picture

I take a phrase like "It's turtles all the way down." and combine it with the site name "bigclosetr.us/topshelf" and do a transform on the two according to a set pattern which results in a password I can re-derive if I forget it. All I have to remember is the phrase I associate with the site and my derivation procedure. I have a library of phrases that are sorted by the type of site it is. This is not as secure as possible but it's pretty damn secure since I end up with a 10-14 character password that includes upper and lower case letters, numbers and symbols.

The sites that break this system require passwords shorter than 10 characters. Not many of those around anymore. Generally, those are low risk sites anyway and I have a different way of deriving a password for them.

This is NOT how I do it but to show you what I mean:

Take the phrase and turn it into a set of numbers by some algorithm: 2173334

Take the site name and turn it into a set of numbers by some other algorithm: 207325950819

Combine the sets of numbers: 2210773332354940819

Change some of those numbers back to letters: vI77333w5494Hs

Change at least one of the remaining numbers to a symbol: vI(333w54;Hs

Truncate at 14 characters or pad to 10, not needed for this one because it is 12 characters.

Like I said, this is NOT how I do it, my way is simpler and quicker to do but has a similar effect.

Hugs,
Erin

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

Hackers

Someone hack into my accounts last year and I was able to chg my pswds to stop it, now Microsoft has lock me out my accts and wants me to have a pswd code sent to me to reopen the accts. But for some reason my cell phone is not recieving that text message. So an acct I had over 10 years is no longer accessable to me, they keep telling I can to it another way and when I try that way it just keeps sending to other areas of MSN and that isn't working for me either???? Richard

Richard

Had a similar thing happen to me

Recently, I started getting calls and notes from friends and family about get-rich-quick schemes coming from my emails. I've changed passwords, so hopefully that'll stop them, but it's still damn annoying.

What's worse? My dad got his email from my girl-name account. He knows, but it's still embarrassing and something I'm trying to ease him into since it makes him kind of uncomfortable.

Melanie E.