• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

My gmail account hacked, how?

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    My gmail account hacked, how?

    I discovered one of my gmail accounts has sent random links to seemingly every address in the contact book

    Not had this happen before and since I only access gmail through the web interface (no nasty Outlook auto-run emails) I wondered how this can happen? Most likely something on my PC, or some 3rd-party managing to get the password and using it? I assume I should check if my sent items actually has the emails so I can tell if my gmail account was used to send the emails or not - what other steps and tests can I perform?

    Quick scans with Malware Bytes and MSE found nothing, and MSE runs realtime protection. Is it just one of those things that happens somehow?

    Thanks.
    Originally posted by MaryPoppins
    I'd still not breastfeed a nazi
    Originally posted by vetran
    Urine is quite nourishing

    #2
    Have you put your password into a phising site? If your password tulipe?

    Comment


      #3
      Change your password ASAP. Then read this article: How to stop your Gmail account being hacked | Naked Security and do what it recommends. In particular, two-step verification will ensure that even if you have a key logger on your machine, the logged password won't be sufficient to allow a hacker to break into your account.

      Comment


        #4
        Originally posted by Sockpuppet View Post
        Have you put your password into a phising site? If your password tulipe?
        I don't think so and no.

        I've confirmed the emails weren't sent from my gmail account so either they got my contacts elsewhere or hacked my account. Given the recipients (that I know of, I don't have a way of getting the full list) aren't confined to any obvious group I conclude the latter.

        I don't have anything nasty on my PC so unless they randomly hacked my account, my best guess is they got my email+password from some other site which got hacked - a forum I was unwise enough to use the same password on most likely - and used this to login.

        Does that sounds the most plausible scenario, I don't really know anything about how these people operate but?

        All email passwords are changed, I guess I need to think of any other accounts using the same password+email combo especially those which might be found from my email history... luckily I think nothing critical is in that category!
        Originally posted by MaryPoppins
        I'd still not breastfeed a nazi
        Originally posted by vetran
        Urine is quite nourishing

        Comment


          #5
          Could they have got in through a malicious app on an android phone?
          While you're waiting, read the free novel we sent you. It's a Spanish story about a guy named 'Manual.'

          Comment


            #6
            I have had my hotmail account hacked twice. The first time was possible as I used a password I used for hundreds of other sites and I had auto login in. The second time was a password I only use for hotmail, online banking, credit card, ebay, paypal and facebook. No auto login. Quite a strong password.

            I have changed the password on all accounts - to something even stronger.

            Comment


              #7
              I have levels of password security. Forums being 1 level, emails next level and individual strong passwords for banking. And I don't 'do' mobile banking at all so there are no passwords on there at all (which was fortunate when I had my iPhone stolen last year).

              My passwords are written down (by hand) and stored in a locked fire/safe box screwed into the floor under the stairs. I pull them out when I need tot use them.
              "I can put any old tat in my sig, put quotes around it and attribute to someone of whom I've heard, to make it sound true."
              - Voltaire/Benjamin Franklin/Anne Frank...

              Comment


                #8
                These days, I use passpack to store and generate secure passwords.

                Since you need a secure phrase as well as username and password to decrypt the passwords, even if the data was stolen completely then a hacker would need to crack every account individually. There are much more enticing targets out there.

                That said, I don't use it for my email passwords because I like to be able to log into those quickly and easily from memory, rather than needing to use a password manager.
                Best Forum Advisor 2014
                Work in the public sector? You can read my FAQ here
                Click here to get 15% off your first year's IPSE membership

                Comment


                  #9
                  Question about keyloggers and the like. I have been using Roboform for password saving for years and the passwords it can't do (and the main password for Roboform) I put on a password protected document. I copy and paste the password from this doc. In theory I never have to type a password for my sites, just one for the document.

                  Do keyloggers actually just save the keystrokes or do the modern ones take copy/pasted data as well?
                  'CUK forum personality of 2011 - Winner - Yes really!!!!

                  Comment


                    #10
                    Originally posted by northernladuk View Post
                    Do keyloggers actually just save the keystrokes or do the modern ones take copy/pasted data as well?
                    This question asked of the Grauniad in 2007 implies that cut and paste won't really help:

                    It's often convenient to paste in passwords but this would defeat only the simplest keylogging malware. It is trivially easy to capture the contents of the Windows clipboard.
                    There seems to be some confusion on the web about it - some say it helps, some say it won't. Dunno.

                    HTH
                    Best Forum Advisor 2014
                    Work in the public sector? You can read my FAQ here
                    Click here to get 15% off your first year's IPSE membership

                    Comment

                    Working...
                    X