Previously on "My gmail account hacked, how?"

  • SueEllen
    replied
    Originally posted by d000hg View Post
    Is it just one of those things that happens somehow?
    I had one of my many accounts hacked about a year ago.

    I was using firefox and looked at an alternative health site in another tab when I had that particular gmail account open.

    The account was used for 7 hours to send out spam email to random addresses.

    Unfortunately for the account hijackers I was notified by the fact I didn't receive a standard daily email on my phone in the morning and so when I couldn't log in recovered my account.

    I know they were spamming because I found lots of junk in the sent folder, and gmail lists the IP addresses that last used your account.

    There weren't any contacts for them to spam apart from some old agencies that I hadn't removed from the contacts list.

  • Sysman
    replied
    Originally posted by Diver View Post
    My passwords are varied and complex.
    Thankfully I have a very good memory for figures too (Hi cojak). and mix with upper and lower case letters.
    For general web accounts I use pwgen on Linux and OS X, and generate a new password per site. I see there's something similar for Windows with PWGen for Windows.

    For anything financial or confidential I go for longer passwords, again one per site.

    All my email accounts have unique passwords.
    Last edited by Sysman; 19 May 2012, 16:26.

  • MrMark
    replied
    and lots still store passwords in plaintext
    Even hashed passwords, particularly if a salt is not used, can be relatively easy to crack.
    All extremely basic stuff for security purposes, which is why it's annoying to see developers who don't even use basics, jump the queue for work based on cost criteria.
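
The point above about unsalted hashes, shown as an added example that is not part of the original thread: with bare SHA-256, two users with the same password store the same hash and one precomputed table of common passwords matches both, while a per-user salt with a slow KDF removes both effects. The user names, passwords, wordlist and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: alice and bob happen to share a password.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#qv!x9Lm"}
COMMON = ["password", "123456", "sunshine1", "letmein"]  # constructed wordlist
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted(password: str) -> str:
    """Weak storage: bare SHA-256, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password: str) -> tuple:
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def exposed_by_table(stored: dict) -> list:
    """Audit: accounts whose stored hash appears in one precomputed table."""
    table = {unsalted(word) for word in COMMON}
    return sorted(user for user, digest in stored.items() if digest in table)


def audit() -> dict:
    weak = {user: unsalted(pw) for user, pw in USERS.items()}
    strong = {user: salted_record(pw) for user, pw in USERS.items()}
    strong_hex = {user: digest.hex() for user, (_, digest) in strong.items()}
    return {
        "weak_same_hash": weak["alice"] == weak["bob"],
        "weak_exposed": exposed_by_table(weak),
        "strong_same_hash": strong_hex["alice"] == strong_hex["bob"],
        "strong_exposed": exposed_by_table(strong_hex),
        "login_ok": verify("sunshine1", *strong["alice"]),
        "login_bad": verify("wrong-guess", *strong["alice"]),
    }


if __name__ == "__main__":
    print(audit())
```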

  • BrilloPad
    replied
    Originally posted by fullyautomatix View Post
    I remember Hotmail being hacked like this and emails sent out en masse to all contacts but no emails were to be found in the sent items folder. Searching online for the virus responsible for this was not easy. Seems Gmail has been affected too. I would love to know how this is done.
    Don't they just get your contacts and use a mass emailer? I did a lot of mass emailing during my f4j days. A great pity that all 100k emails I sent were to 1 contact.....

  • d000hg
    replied
    My guess is they rip your contacts and then send as your email from their own servers?

    I still reckon getting your password+email from a vulnerable site might be one obvious attack vector, every site you use wants you to register and lots still store passwords in plaintext

  • fullyautomatix
    replied
    I remember Hotmail being hacked like this and emails sent out en masse to all contacts but no emails were to be found in the sent items folder. Searching online for the virus responsible for this was not easy. Seems Gmail has been affected too. I would love to know how this is done.

  • Diver
    replied
    My passwords are varied and complex.
    Thankfully I have a very good memory for figures too (Hi cojak). and mix with upper and lower case letters.

    Never had a password or account hacked and hopefully never will.

    My PC protection is also top notch (Purchased) and well maintained.

  • TheFaQQer
    replied
    Originally posted by northernladuk View Post
    Do keyloggers actually just save the keystrokes or do the modern ones take copy/pasted data as well?
    This question asked of the Grauniad in 2007 implies that cut and paste won't really help:

    It's often convenient to paste in passwords but this would defeat only the simplest keylogging malware. It is trivially easy to capture the contents of the Windows clipboard.
    There seems to be some confusion on the web about it - some say it helps, some say it won't. Dunno.

    HTH

  • northernladuk
    replied
    Question about keyloggers and the like. I have been using Roboform for password saving for years and the passwords it can't do (and the main password for Roboform) I put on a password protected document. I copy and paste the password from this doc. In theory I never have to type a password for my sites, just one for the document.

    Do keyloggers actually just save the keystrokes or do the modern ones take copy/pasted data as well?

  • TheFaQQer
    replied
    These days, I use passpack to store and generate secure passwords.

    Since you need a secure phrase as well as username and password to decrypt the passwords, even if the data was stolen completely then a hacker would need to crack every account individually. There are much more enticing targets out there.

    That said, I don't use it for my email passwords because I like to be able to log into those quickly and easily from memory, rather than needing to use a password manager.

  • cojak
    replied
    I have levels of password security. Forums being 1 level, emails next level and individual strong passwords for banking. And I don't 'do' mobile banking at all so there are no passwords on there at all (which was fortunate when I had my iPhone stolen last year).

    My passwords are written down (by hand) and stored in a locked fire/safe box screwed into the floor under the stairs. I pull them out when I need to use them.

  • BrilloPad
    replied
    I have had my hotmail account hacked twice. The first time was possible as I used a password I used for hundreds of other sites and I had auto login in. The second time was a password I only use for hotmail, online banking, credit card, ebay, paypal and facebook. No auto login. Quite a strong password.

    I have changed the password on all accounts - to something even stronger.

  • doodab
    replied
    Could they have got in through a malicious app on an android phone?

  • d000hg
    replied
    Originally posted by Sockpuppet View Post
    Have you put your password into a phishing site? Is your password tulipe?
    I don't think so and no.

    I've confirmed the emails weren't sent from my gmail account so either they got my contacts elsewhere or hacked my account. Given the recipients (that I know of, I don't have a way of getting the full list) aren't confined to any obvious group I conclude the latter.

    I don't have anything nasty on my PC so unless they randomly hacked my account, my best guess is they got my email+password from some other site which got hacked - a forum I was unwise enough to use the same password on most likely - and used this to login.

    Does that sound the most plausible scenario, I don't really know anything about how these people operate but?

    All email passwords are changed, I guess I need to think of any other accounts using the same password+email combo especially those which might be found from my email history... luckily I think nothing critical is in that category!

  • NickFitz
    replied
    Change your password ASAP. Then read this article: How to stop your Gmail account being hacked | Naked Security and do what it recommends. In particular, two-step verification will ensure that even if you have a key logger on your machine, the logged password won't be sufficient to allow a hacker to break into your account.
