homeGeek CultureWebstoreeCards!Forums!Joy of Tech!AY2K!webcam

The Geek Culture Forums


Post New Topic  New Poll  Post A Reply
my profile | directory login | | search | faq | forum home
  next oldest topic   next newest topic
» The Geek Culture Forums   » Other Geeky Stuff   » Ask a Geek!   » My Gmail account was compromised

 - UBBFriend: Email this page to someone!    
Author Topic: My Gmail account was compromised
Callipygous
BlabberMouth, a Blabber Odyssey
Member # 2071

Member Rated:
4
Icon 1 posted September 14, 2010 01:26      Profile for Callipygous     Send New Private Message       Edit/Delete Post   Reply With Quote 
Last night some IP address in China got into my Gmail account and sent some (very poorly formatted) html spam to all my contacts. I have changed my password and security question, as advised by the Gmail help section. Should I take any further precautions, and is there anything else I should do, or anyone at Google I should inform?

--------------------
"Knowledge is Power. France is Bacon" - Milton

Posts: 2922 | From: Brighton - UK | Registered: Mar 2003  |  IP: Logged
Ashitaka

SuperFan!
Member # 4924

Member Rated:
4
Icon 1 posted September 14, 2010 02:55      Profile for Ashitaka     Send New Private Message       Edit/Delete Post   Reply With Quote 
change all your other accounts that use this password ( that is only if you are within the majority of people who use the same password for multiple services.)

--------------------
"If they're not gonna make a distinction between Muslims and violent extremists, then why should I take the time to distinguish between decent, fearful white people and racists?"

-Assif Mandvi

Posts: 3089 | From: Switzerland | Registered: Feb 2006  |  IP: Logged
littlefish
BlabberMouth, a Blabber Odyssey
Member # 966

Member Rated:
4
Icon 1 posted September 14, 2010 04:20      Profile for littlefish   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
As the most recent XKCD suggests:

 -

Posts: 2421 | From: That London | Registered: Nov 2001  |  IP: Logged
Ashitaka

SuperFan!
Member # 4924

Member Rated:
4
Icon 1 posted September 14, 2010 06:16      Profile for Ashitaka     Send New Private Message       Edit/Delete Post   Reply With Quote 
I knew I had read about that recently somewhere.

--------------------
"If they're not gonna make a distinction between Muslims and violent extremists, then why should I take the time to distinguish between decent, fearful white people and racists?"

-Assif Mandvi

Posts: 3089 | From: Switzerland | Registered: Feb 2006  |  IP: Logged
Callipygous
BlabberMouth, a Blabber Odyssey
Member # 2071

Member Rated:
4
Icon 1 posted September 14, 2010 10:14      Profile for Callipygous     Send New Private Message       Edit/Delete Post   Reply With Quote 
I use 1Password together with DropBox, so luckily now most of my passwords are different.

--------------------
"Knowledge is Power. France is Bacon" - Milton

Posts: 2922 | From: Brighton - UK | Registered: Mar 2003  |  IP: Logged
Stereo

Solid Nitrozanium SuperFan!
Member # 748

Member Rated:
5
Icon 1 posted September 14, 2010 10:41      Profile for Stereo     Send New Private Message       Edit/Delete Post   Reply With Quote 
I try to find different passwords with a mnemonic that goes with the site, but if I don't use it regularly, I forget it. Good thing is, more often than not, my computer remembers it for me... [crazy]

Perhaps I should make a list, but that's trouble if someone breaks in...

Oh well. At least I do remember the passwords for my banking accounts, and I do not reuse them. Perhaps have a list for the other, free accounts here and there?

And good luck with your problem, Calli. For all I know, 1) changing your password; and 2) signaling out the IM address is all you can do, save for closing the account and creating a new one entirely. With stronger password...

--------------------
Eppur, si muove!

Galileo Galilei

Posts: 2289 | From: Gatineau, Quebec, Canada | Registered: Apr 2001  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

Member Rated:
4
Icon 1 posted September 14, 2010 17:06      Profile for The Famous Druid     Send New Private Message       Edit/Delete Post   Reply With Quote 
One password for sites where I don't care about security (eg, newspaper sites)

One password for sites where I do care about security (eg, gmail)

And for sites where I _really_ care about security (eg online banking) I use a unique password for each site.

All recorded in an encrypted file, in case I forget, or get hit by a truck and Mrs Druid needs to get at them. The password for the encrypted file is long and basically impossible to guess. One password to rule them all, and in the darkness bind them.

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10680 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
garlicguy

Member # 3166

Member Rated:
5
Icon 14 posted September 14, 2010 17:09      Profile for garlicguy   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
Originally posted by The Famous Druid:
One password for sites where I don't care about security (eg, newspaper sites)

One password for sites where I do care about security (eg, gmail)

And for sites where I _really_ care about security (eg online banking) I use a unique password for each site.

Amazing proof once again that great minds think alike. [Big Grin]

--------------------
I don't know what I was thinking... it seemed like a good idea at the time.

Posts: 3752 | From: Pluto, no matter what you call it, is still my home. | Registered: Dec 2004  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

Member Rated:
4
Icon 1 posted September 14, 2010 17:16      Profile for The Famous Druid     Send New Private Message       Edit/Delete Post   Reply With Quote 
Calli, I've heard several similar stories in recent weeks. I suspect the problem may be at gmail's end, and not carelessness on your part.

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10680 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
quantumfluff
BlabberMouth, a Blabber Odyssey
Member # 450

Member Rated:
5
Icon 1 posted September 14, 2010 20:06      Profile for quantumfluff     Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
Originally posted by Callipygous:
Last night some IP address in China got into my Gmail account and sent some (very poorly formatted) html spam to all my contacts. I have changed my password and security question, as advised by the Gmail help section. Should I take any further precautions, and is there anything else I should do, or anyone at Google I should inform?

The question you have to answer first is how you think they got into your account? You have declared that you use different passwords for everything, so it was not the XKCD attack. It is unlikely to be a breach that lets people hijack gmail accounts specifically (if that existed in the wild, enough so that second rate spammers had it, the security community would know). Sadly that leaves a high probability of the thing you really don't want to hear - a keylogger on you machine.

I may be paranoid, but I go by the ultra-contagen rules. If I have a compromised account than any machine I type the password for that account is suspect, and should be scrubed to bare metal. Likewise, if I have a machine that was compromised, then any account I ever accessed from that machine is compromised and must have a password change.

Posts: 2902 | From: 5 to 15 meters above sea level | Registered: Jun 2000  |  IP: Logged
dragonman97

SuperFan!
Member # 780

Member Rated:
4
Icon 1 posted September 14, 2010 21:43      Profile for dragonman97   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
Stereo: If you use Firefox, you should really use Master Password, so that your passwords can't be used without entering the...wait for it...master password. [Smile]

I can't speak for other browsers, though.

Personally, I stopped using such a feature some time ago, as I've tended to juggle 3 computers in common usage and I tend to use >= 2 browsers on each computer. I follow a moderately similar approach to TFD, though I don't keep much at all in common amongst sites.

IMHO, the 'best' passwords are the ones you barely know, save for how to type them. (Odds are, these _won't_ be in any 'dictionary.') Alas, I had some trouble sharing such a password with a colleague the other day, and had to 'air type' it to figure out what the heck it was. [Razz]

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9332 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
garlicguy

Member # 3166

Member Rated:
5
Icon 1 posted September 15, 2010 11:30      Profile for garlicguy   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
Originally posted by dragonman97:
... Alas, I had some trouble sharing such a password with a colleague the other day, and had to 'air type' it to figure out what the heck it was. [Razz]

'Air type'? Ha ha ha ha ha. Dragon, this makes you the Joe Cocker of geekdom. (It would be funnier if I didn't find myself doing the same thing at times, and also with passwords, particularly with lengthy numerics.)

gg
[Roll Eyes]

Posts: 3752 | From: Pluto, no matter what you call it, is still my home. | Registered: Dec 2004  |  IP: Logged
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

Member Rated:
4
Icon 1 posted September 16, 2010 07:06      Profile for TheMoMan         Edit/Delete Post   Reply With Quote 
____ Calli, it seems that I have been affected also. I just got a bounced E-Mail that I know I never sent, it was returned because of a "mail box full"

____ Some lady named Cynthia< "my [email protected] server company .com">

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
Stereo

Solid Nitrozanium SuperFan!
Member # 748

Member Rated:
5
Icon 1 posted September 16, 2010 11:05      Profile for Stereo     Send New Private Message       Edit/Delete Post   Reply With Quote 
Heh. Well, if it happens to me... Bad luck! I have no contact in my gmail account! [Big Grin] (I hardly use it anyway; I got it created so I could share my SL activities with the main group I am associated whit. Who wants to know when I have En Garde tournaments? [Big Grin] )

--------------------
Eppur, si muove!

Galileo Galilei

Posts: 2289 | From: Gatineau, Quebec, Canada | Registered: Apr 2001  |  IP: Logged
dragonman97

SuperFan!
Member # 780

Member Rated:
4
Icon 1 posted September 16, 2010 13:57      Profile for dragonman97   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
Originally posted by TheMoMan:
____ Calli, it seems that I have been affected also. I just got a bounced E-Mail that I know I never sent, it was returned because of a "mail box full"

____ Some lady named Cynthia< "my [email protected] server company .com">

MoMan: That might actually be a 'Joe Job' - someone simply put your address as the "From" address, which causes you to receive the bouncebacks. That doesn't mean your account sent the bad stuff...just that someone pretended to be you when sending spam/phishing.

If you have any doubts, you might consider changing your password just to be on the safe side.

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9332 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

Member Rated:
4
Icon 1 posted September 16, 2010 14:57      Profile for TheMoMan         Edit/Delete Post   Reply With Quote 
____ Dman, I only check that account to see if someone did not get the notification that I have a new account.

____ Me wonders if some one has wrote a script that would take a list of valid addys and stuff a mailbox on purpose.

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
dragon34
Geek
Member # 997

Member Rated:
5
Icon 1 posted September 23, 2010 14:19      Profile for dragon34     Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
Originally posted by dragonman97:
Alas, I had some trouble sharing such a password with a colleague the other day, and had to 'air type' it to figure out what the heck it was. [Razz]

I have to do this ALL THE TIME.

Glad I'm not the only one. Muscle memory is neat huh?

Posts: 146 | From: Central PA | Registered: Nov 2001  |  IP: Logged


All times are Eastern Time  
Post New Topic  New Poll  Post A Reply Close Topic    Move Topic    Delete Topic next oldest topic   next newest topic
 - Printer-friendly view of this topic
Hop To:

Contact Us | Geek Culture Home Page

2015 Geek Culture

Powered by Infopop Corporation
UBB.classicTM 6.4.0



homeGeek CultureWebstoreeCards!Forums!Joy of Tech!AY2K!webcam