Gmail Account Hacked
I had a rather scary, and odd, experience while we were on the road back to Columbus yesterday. I have my BlackBerry set up to get email from my main Gmail account as well as my work email account, and as we were driving up Route 23 in Kentucky, I noticed an email to that Gmail account, from my other, much less frequently used, Gmail account that was spam. When I went ahead and logged in to that account, I also spotted 3 autoresponses to the spam email from addresses I was vaguely familiar with, as opposed to the random unfamiliar addresses you usually see when your email address is spoofed.
Sure enough, the spam was in my sent box. Obviously, someone had accessed the account in order to send that email. So, I changed my password immediately and my security question later, when I wasn’t working on my BlackBerry. That account wasn’t tied to any other Google services, as I said, it isn’t my main account, but I also went ahead and changed the password on that one to be safe, and any other service that I thought might have sent an email to that account. I’m slightly befuddled as to how that account got compromised. I don’t even log in to it very often, let alone on a public PC or insecure wireless network. Since we were out of town, my immediate thought was that someone had sniffed the password on the hotel wireless, but I don’t think I even logged in to that account. Perhaps there’s some Gmail notifier or other service on my iGoogle page that logs in to it and checks for email, and the password got sniffed there, it’s hard to say.
Of course, a little research shows me that this has happened before to others, and it’s something that’s been happening for a while now. Still, it appears no one has a definite answer as to how the account got compromised, so if anyone has more info on that, I’d love to hear it!
Did you happen to check the last logged in IPs for that account?
Is it possible someone guessed your security question(s)?
Chad, that would have been a good idea, had I thought of it before I logged in with the mobile a few times to change my password, and security question, etc. Those are the last entries when I log in now.
Aaron, I suppose that’s possible. I don’t even remember what the security question was. It is odd though that they only sent the one email, to the 10 contacts I even have in that account, and didn’t even try to change the password or anything. So, little actual damage done, but it still bugs me!
I guess the next logical thing to check would be how long do you remain logged in when you do check that e-mail account. Cross site request forgery, etc. And do you purge your cookies and history on shutdown?
Kyle, cross site might be a possibility. I typically don’t log in to that account directly, but I do have an iGoogle page for that account in Flock, with the Gmail notifier on it. I typically only access social networks with Flock like Facebook, LinkedIn etc. so there’s a possibility that something I clicked there could have performed it. Don’t really know for sure though.