Gmail hacked - how?

It's also wise to change your password 2-3 times a year in case an attack does relate to div0's post above regarding one-off machine usage that may have a current password still cookied in.
 
Almost certainly a brute force attack.

I had the same happen a while back, some login from some random place and a few spam emails sent out to various contacts.

No spyware on my regular machines, and a long time since I'd logged in from another machine. It's possible that one of those other machines I once used had been compromised in some way, but I think it's unlikely.

Either way, 2-step authentication is the way to go - which you've already done by the looks of things.

After that, as long as you're fairly sure your machine is clean, just forget it and move on.

It'd have to be a very easy password to do it via brute force. Google have systems in place to prevent brute force.
 
I had a notification to my recovery account last week that the password of one of my Gmail accounts had been changed. Someone had obviously hacked it. I got it back pretty sharpish as I happened to be online at the time. I never use it either, especially as I only used that account for two sites, Modaco and XDA, and I haven't been on those in a year.
 
2 step authentication, enable it!

Also, download the Android Google Authenticator app. It generates the authenticator code for you so you don't need to use the alternative option, where Google sends you a login code via SMS. It's just much more convenient, and since you most likely have your phone to hand at all times... :)

+1 for this - works a treat.
You can generate a one-time password for programs such as Ubuntu Evolution mail, Outlook or Chrome to Phone that don't accept the authentication automatically.

Also keep an eye on 'Last activity' at the bottom right of your Gmail screen.
 
You need the password hash for a brute force where you can then try loads of passwords per second. Something you just can't do with a website.

Unless they have updated since I used it, it didn't appear to have anything in place, not even a lockout after x attempts.
I'm assuming you were trying passwords similar to your own? A random brute force will try 100,000s of passwords and the server will not accept that many requests.
 
Use a strong password that you don't use for any other sites.

Some websites even to this day store their passwords in plain text. Only takes a hacker / employee with access to get your details.

Also, avoid weird looking apps for your phone.
 
Right, I've got an annoying problem now with this 2 step authentication. Even though I have already set up an application specific password for Thunderbird, it keeps on requiring me to create a new one. I am on my 3rd application specific password for Thunderbird so far today. According to Google, I should only have to do this once.

Anyone got any ideas how to stop this happening?

Many thanks

M
 
I think you have to do it once for each app. I.e. Mozilla Firefox counts as one if you're using web-based Gmail, Pidgin will count as one, Thunderbird will count as one, and so on.

Yeah but I'm on my 3rd Thunderbird specific password today because it keeps saying my password isn't valid so I keep having to go into the Gmail web interface and revoke and create a new password for it.
 