This is topic My Gmail account was compromised in forum Ask a Geek! at The Geek Culture Forums!.


To visit this topic, use this URL:
http://www.geekculture.com/cgi-bin/ultimatebb/ultimatebb.cgi?ubb=get_topic;f=12;t=002721

Posted by Callipygous (Member # 2071) on September 14, 2010, 01:26:
 
Last night some IP address in China got into my Gmail account and sent some (very poorly formatted) html spam to all my contacts. I have changed my password and security question, as advised by the Gmail help section. Should I take any further precautions, and is there anything else I should do, or anyone at Google I should inform?
 
Posted by Ashitaka (Member # 4924) on September 14, 2010, 02:55:
 
Change all your other accounts that use this password (that is, only if you are within the majority of people who use the same password for multiple services).
 
Posted by littlefish (Member # 966) on September 14, 2010, 04:20:
 
As the most recent XKCD suggests:

[image: XKCD comic]
 
Posted by Ashitaka (Member # 4924) on September 14, 2010, 06:16:
 
I knew I had read about that recently somewhere.
 
Posted by Callipygous (Member # 2071) on September 14, 2010, 10:14:
 
I use 1Password together with DropBox, so luckily now most of my passwords are different.
 
Posted by Stereo (Member # 748) on September 14, 2010, 10:41:
 
I try to find different passwords with a mnemonic that goes with the site, but if I don't use it regularly, I forget it. Good thing is, more often than not, my computer remembers it for me... [crazy]

Perhaps I should make a list, but that's trouble if someone breaks in...

Oh well. At least I do remember the passwords for my banking accounts, and I do not reuse them. Perhaps have a list for the other, free accounts here and there?

And good luck with your problem, Calli. For all I know, 1) changing your password; and 2) signaling out the IM address is all you can do, save for closing the account and creating a new one entirely. With a stronger password...
 
Posted by The Famous Druid (Member # 1769) on September 14, 2010, 17:06:
 
One password for sites where I don't care about security (eg, newspaper sites)

One password for sites where I do care about security (eg, gmail)

And for sites where I _really_ care about security (eg online banking) I use a unique password for each site.

All recorded in an encrypted file, in case I forget, or get hit by a truck and Mrs Druid needs to get at them. The password for the encrypted file is long and basically impossible to guess. One password to rule them all, and in the darkness bind them.
 
Posted by garlicguy (Member # 3166) on September 14, 2010, 17:09:
 
quote:
Originally posted by The Famous Druid:
One password for sites where I don't care about security (eg, newspaper sites)

One password for sites where I do care about security (eg, gmail)

And for sites where I _really_ care about security (eg online banking) I use a unique password for each site.

Amazing proof once again that great minds think alike. [Big Grin]
 
Posted by The Famous Druid (Member # 1769) on September 14, 2010, 17:16:
 
Calli, I've heard several similar stories in recent weeks. I suspect the problem may be at gmail's end, and not carelessness on your part.
 
Posted by quantumfluff (Member # 450) on September 14, 2010, 20:06:
 
quote:
Originally posted by Callipygous:
Last night some IP address in China got into my Gmail account and sent some (very poorly formatted) html spam to all my contacts. I have changed my password and security question, as advised by the Gmail help section. Should I take any further precautions, and is there anything else I should do, or anyone at Google I should inform?

The question you have to answer first is how you think they got into your account? You have declared that you use different passwords for everything, so it was not the XKCD attack. It is unlikely to be a breach that lets people hijack gmail accounts specifically (if that existed in the wild, enough so that second-rate spammers had it, the security community would know). Sadly that leaves a high probability of the thing you really don't want to hear - a keylogger on your machine.

I may be paranoid, but I go by the ultra-contagion rules. If I have a compromised account then any machine I type the password for that account on is suspect, and should be scrubbed to bare metal. Likewise, if I have a machine that was compromised, then any account I ever accessed from that machine is compromised and must have a password change.
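The two rules in the post above, worked through as an added example (not part of the original post): given a record of which passwords were typed on which machines, it applies both rules repeatedly until nothing new is added, which goes one step further than the post by treating every "suspect" machine as compromised. The login history and all names in it are constructed.

```python
from collections import deque

# Constructed login history: (account, machine) means "the password for this
# account was typed on this machine". All names are made up.
LOGINS = [
    ("gmail", "laptop"),
    ("gmail", "work-pc"),
    ("bank", "laptop"),
    ("forum", "work-pc"),
    ("forum", "kiosk"),
    ("newspaper", "tablet"),
]

def blast_radius(logins, start, start_is_machine=False):
    """Apply both rules until no new account or machine is added.

    Returns (accounts needing a password change, machines needing a wipe).
    """
    by_account, by_machine = {}, {}
    for account, machine in logins:
        by_account.setdefault(account, set()).add(machine)
        by_machine.setdefault(machine, set()).add(account)

    accounts, machines = set(), set()
    queue = deque([(start, start_is_machine)])
    while queue:
        name, is_machine = queue.popleft()
        seen = machines if is_machine else accounts
        if name in seen:
            continue
        seen.add(name)
        # Rule 1: compromised account -> every machine its password was typed on.
        # Rule 2: compromised machine -> every account accessed from it.
        neighbours = (by_machine if is_machine else by_account).get(name, ())
        queue.extend((n, not is_machine) for n in neighbours)
    return accounts, machines
```

The order of the clean-up matters: the new passwords should be typed only on a machine outside the wipe set, or after the wipe, otherwise they go straight into the same suspect machine.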
 
Posted by dragonman97 (Member # 780) on September 14, 2010, 21:43:
 
Stereo: If you use Firefox, you should really use Master Password, so that your passwords can't be used without entering the...wait for it...master password. [Smile]

I can't speak for other browsers, though.

Personally, I stopped using such a feature some time ago, as I've tended to juggle 3 computers in common usage and I tend to use >= 2 browsers on each computer. I follow a moderately similar approach to TFD, though I don't keep much at all in common amongst sites.

IMHO, the 'best' passwords are the ones you barely know, save for how to type them. (Odds are, these _won't_ be in any 'dictionary.') Alas, I had some trouble sharing such a password with a colleague the other day, and had to 'air type' it to figure out what the heck it was. [Razz]
 
Posted by garlicguy (Member # 3166) on September 15, 2010, 11:30:
 
quote:
Originally posted by dragonman97:
... Alas, I had some trouble sharing such a password with a colleague the other day, and had to 'air type' it to figure out what the heck it was. [Razz]

'Air type'? Ha ha ha ha ha. Dragon, this makes you the Joe Cocker of geekdom. (It would be funnier if I didn't find myself doing the same thing at times, and also with passwords, particularly with lengthy numerics.)

gg
[Roll Eyes]
 
Posted by TheMoMan (Member # 1659) on September 16, 2010, 07:06:
 
____ Calli, it seems that I have been affected also. I just got a bounced E-Mail that I know I never sent, it was returned because of a "mail box full"

____ Some lady named Cynthia< "my [email protected] server company .com">
 
Posted by Stereo (Member # 748) on September 16, 2010, 11:05:
 
Heh. Well, if it happens to me... Bad luck! I have no contact in my gmail account! [Big Grin] (I hardly use it anyway; I got it created so I could share my SL activities with the main group I am associated with. Who wants to know when I have En Garde tournaments? [Big Grin] )
 
Posted by dragonman97 (Member # 780) on September 16, 2010, 13:57:
 
quote:
Originally posted by TheMoMan:
____ Calli, it seems that I have been affected also. I just got a bounced E-Mail that I know I never sent, it was returned because of a "mail box full"

____ Some lady named Cynthia< "my [email protected] server company .com">

MoMan: That might actually be a 'Joe Job' - someone simply put your address as the "From" address, which causes you to receive the bouncebacks. That doesn't mean your account sent the bad stuff...just that someone pretended to be you when sending spam/phishing.

If you have any doubts, you might consider changing your password just to be on the safe side.
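One way to check a bounce for the 'Joe Job' case described above, as an added example that is not part of the original post: read the topmost Received header of the returned message, which the bouncing server wrote itself, and see whether the host that handed the message over belongs to your mail provider. The bounce text, every host name in it and the single-hop layout are constructed assumptions.

```python
import email
import re
from email import policy

# Constructed bounce (DSN); every host and address below is made up.
BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: me@myprovider.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Mailbox full.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; someone@recipient.example
Action: failed
Status: 5.2.2

--b1
Content-Type: text/rfc822-headers

Received: from dsl-host.isp.example (dsl-host.isp.example [203.0.113.7])
    by mx.recipient.example; Thu, 16 Sep 2010 06:50:00 -0400
From: me@myprovider.example

--b1--
"""

def handed_over_by(bounce_text):
    """Host that delivered the returned message to the bouncing server."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/rfc822-headers":
            orig = email.message_from_string(part.get_content(), policy=policy.default)
            top = str(orig.get_all("Received", [""])[0])  # newest hop comes first
            m = re.search(r"from\s+\S+\s+\((\S+)\s+\[", top)
            return m.group(1) if m else None
    return None

def looks_like_joe_job(bounce_text, provider):
    """True when the delivering host is outside the provider's domain."""
    host = handed_over_by(bounce_text)
    return host is not None and host != provider and not host.endswith("." + provider)
```

A delivering host outside your provider means the message never passed through your account; a host inside it is the case where the password change matters.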
 
Posted by TheMoMan (Member # 1659) on September 16, 2010, 14:57:
 
____ Dman, I only check that account to see if someone did not get the notification that I have a new account.

____ Me wonders if someone has written a script that would take a list of valid addys and stuff a mailbox on purpose.
 
Posted by dragon34 (Member # 997) on September 23, 2010, 14:19:
 
quote:
Originally posted by dragonman97:
Alas, I had some trouble sharing such a password with a colleague the other day, and had to 'air type' it to figure out what the heck it was. [Razz]

I have to do this ALL THE TIME.

Glad I'm not the only one. Muscle memory is neat, huh?
 

