gmail hacked?

arknor

arknor

arknor

Caporegime
Joined
22 Nov 2005
Posts
46,779
okay I cant login to my account.
even though I'm pretty sure what the password is.
I usually just say forgot password and get the 4 digit code sent to my phone via sms.
the option is not coming up.

I am still logged in on another browser and I checked the security settings and my mobile phone number is gone completely, I can't add it because it asks the password when I do....

how can my mobile phone number disappear from my google account? surely to remove it you would be asked for the 4 digit code?

anyone else with a gmail account + phone attached check and see if it still is? I don't understand how mine could disappear

okay I managed to guess the password so obviously not hacked...
I login and
GoUGuiS.jpg.png


so wtf google why not let me recover my password via phone like normal? it was added long before December 2013 as well

maybe they rolled back some accounts security settings or something but still bizarre
 
Last edited:
YarwoodUK said:
O8hnj76.png


Because of that? Or am I missing something :s
Click to expand...

that is just to not get asked a code when logging in on this computer , it should still let me request a password reset with a 4 digit pin sent to my phone to confirm I'm the account owner as it always has or why bother adding a phone number....
 
ci_newman said:
Did you have 2-step enabled? If so, account hacking is pretty unlikely.
Click to expand...

yea just seems weird my phone seemed to have been removed from the account and wouldn't let me do the reset via the phone as normal when the phone is clearly still attached to the account or is after I logged back in

I checked the activity log and it's all newcastle
 
Your account has a list of backup one time use codes you will have been asked to note down/screenshot or whatever. Use one of those.

You did note them down didn't you... They're designed to be used in exactly this kind of situation.

Once in install the Google Authenticator app and use that for 2 step sign in instead.
 
mrk said:
Your account has a list of backup one time use codes you will have been asked to note down/screenshot or whatever. Use one of those.

You did note them down didn't you... They're designed to be used in exactly this kind of situation.

Once in install the Google Authenticator app and use that for 2 step sign in instead.
Click to expand...

nope lol never noted them down or lost them.

anyway as I said in my first post edit I got back into the account and everything was fine. my password hadn't changed but I'm still perplexed as to why it wouldn't let me password reset via my phone as it usually does the few times I forget what my password was, also was still logged in on a diff browser and my phone was showing as not attached to the account.
very wierd

anyway I panicked and made this thread
 
Last edited:
As an aside, sometimes I see spam emails going out from my gmail and I have 2 step on

Is this more likely someone is sabotaging my session on my phone when I use public Wifi (BT/VirginMedia) or just someone spoofing and the bounced undelivered messages being displayed in my Gmail as if they were sent
 
Ah right, in that case use the authenticator app from Google.

londonbairn said:
As an aside, sometimes I see spam emails going out from my gmail and I have 2 step on

Is this more likely someone is sabotaging my session on my phone when I use public Wifi (BT/VirginMedia) or just someone spoofing and the bounced undelivered messages being displayed in my Gmail as if they were sent
Click to expand...

As in you see emails in your sent folder that you didn't send? Click the session details link lower right and end all sessions and sign in only on your machine. If someone is using your account you'll kick them off and you'll also see what IPs your account is being accessed from.
 
arknor said:
nope lol never noted them down or lost them.

anyway as I said in my first post edit I got back into the account and everything was fine. my password hadn't changed but I'm still perplexed as to why it wouldn't let me password reset via my phone as it usually does the few times I forget what my password was, also was still logged in on a diff browser and my phone was showing as not attached to the account.
very wierd

anyway I panicked and made this thread
Click to expand...

Just stick to the two step sign-in and keep an eye on the access logs for people signing in from locations you don't usually use. They do send you alerts if the activity is from locations other than those you normally use, this appears to be not working in your case though. I had an alert someone had been trying to access my account from Turkey so changed all my security details post haste, just in case anyone had any record of them.
 
mrk said:
Ah right, in that case use the authenticator app from Google.



As in you see emails in your sent folder that you didn't send? Click the session details link lower right and end all sessions and sign in only on your machine. If someone is using your account you'll kick them off and you'll also see what IPs your account is being accessed from.
Click to expand...

A lot of people miss that; Sign out of all other sessions, useful option.
 
If I may do a mini-hijack, I got a "Welcome to Youtube!" in my gmail inbox earlier, but I never signed up to anything, is it standard practice for them to sign you up like this as part of all things Google?, surely if I (or someone else) were creating an account they would have asked me to verify it by following a link in the email? I've searched around for a contact address but all I can find is crap on canned answers.
 
You must log in or register to reply here.
Back
Top Bottom