Google Mail Account Hacked

25 Oct 2007
Los Angeles
Hi Guys,

Unfortunately my girlfriend's account appears to have been hacked. She woke up this morning to see a series of Undeliverable Mail / Bad Domain errors from corporate firewalls and upon checking her sent mail, it appears that 'she' sent a 'come look at this site' type email to half the people on her contact list.

I changed her password straight away, however is there anything that we can do about this? I seem to remember in a software engineering class that you can write a programme to use any email address you want, however I find it strange that whoever/whatever knew to send to those exact email addresses.

In any case, any help would be greatly appreciated.
I seem to remember in a software engineering class that you can write a programme to use any email address you want

That's basically true but if someone had done that, the messages wouldn't show up in her sent box so someone has actually gained access. Aside from changing the password to something decent and difficult to crack, check the other settings like backup email address etc.

She should also check her PC for evidence of a keylogger and if her old password was used for anything else, or if she had passwords for sensitive stuff in her emails, she should change those passwords as well.
This happened to me last week, but with Hotmail. I'm careful with who I give my e-mail address out to and what I download. My virus scanner didn't pick up anything, plus my password was a random selection of numbers and letters. I just changed my password and am hoping it doesn't reappear. :p
Click the 'Details' link at the bottom of the page to see what IP addresses have recently accessed your account:

Last account activity: 44 minutes ago at this IP ( -----> Details <-----
She probably used a word from the dictionary as a password, these take moments to crack,


You get 5 attempts then you're blocked for 15 mins and have to fill in a captcha each time.

So the "cracker" is either sitting there entering the captcha over and over or has developed an auto fill program for them (you'd think he'd be doing something better paid in that case).

And that's assuming Google won't just block the account for a day or more after the 50th login attempt.

You get 5 attempts then you're blocked for 15 mins and have to fill in a captcha each time.

So the "cracker" is either sitting there entering the captcha over and over or has developed an auto fill program for them (you'd think he'd be doing something better paid in that case).

And that's assuming Google won't just block the account for a day or more after the 50th login attempt.

If you have POP3 or IMAP access enabled in your account settings then I'm 94% sure that opens a brute force attack window as it doesn't face the same restrictions as web based access. But you're right, it's an infeasible attack if you only have the web based front end to log in.

Seems to be a lot of this the last week or so. 4 of my friends all have had spam email sent from their accounts.

My guess is it's probably something clicked on Facebook that people wouldn't doubt.
If you have POP3 or IMAP access enabled in your account settings then I'm 94% sure that opens a brute force attack window as it doesn't face the same restrictions as web based access. But you're right, it's an infeasible attack if you only have the web based front end to log in.


Even if that's true, it's still a pointlessly long/expensive amount of effort for zero gain.

Would be a better use of the time to just make a load of fake accounts.
This happened to me a few weeks ago, started getting texts from people asking me why I was spamming them with dodgy looking websites selling Apple products.

When I logged into my Gmail account there was a big red banner at the top informing me that my account had recently been accessed from China.

Changed the password and so far so good.
It takes less than a moment for any 'hacker' to just start a script that sends these mails. I'm sorry to let you all down, but the OP's girlfriend has not been hacked by someone like Neo or Acidburn. She has been hacked most likely by some eastern European teenager that has written a script to brute-force Gmail and she is one of millions that the script has attempted to crack and was successful, OR her comp has a virus and as it has a mail client with SMTP is just using that as the mail server.
Two of my friends plus my sister have recently unknowingly sent me spam. I don't think that their accounts are hacked. Just spoofed emails probably. The email addresses don't show up on Google though, so I don't know how they're being harvested.
They'll either have entered them to some website, or some of their friends have added them to something, or their computer's address book was harvested by a virus, or some Facebook app has sold their details etc etc etc.
A spammer is just using her address as the "From" address. So any bounced emails end up in her inbox.

No one has actually gained access to her account unless it's in the recent activity list.
Firstly thanks guys for the advice.

check the other settings like backup email address etc.

Will do.

She should also check her PC for evidence of a keylogger and if her old password was used for anything else, or if she had passwords for sensitive stuff in her emails, she should change those passwords as well.

Yep, really worried about her laptop now. Will check.

Click the 'Details' link at the bottom of the page to see what IP addresses have recently accessed your account:

Last account activity: 44 minutes ago at this IP ( -----> Details <-----

Bingo! See SS below:


Are you a Chinese dissident?

LOL, but it appears that the people that hacked my account have nothing better to do than profit from spam.
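
The two explanations argued over in this thread (mail that really went out through the account versus a forged "From" address whose bounces land in the inbox) can be told apart from the bounce itself. The following is an added example, not part of any post above: it pulls the returned original out of a bounce and checks whether any Received hop was stamped by the mailbox provider. The domains `mail.example` and `corp.example`, the function names and both sample bounces are constructed assumptions.

```python
import email
import re

BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)

def returned_original(bounce):
    """Return the original message embedded in a bounce, or None."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def classify_bounce(raw_bounce, provider_domain):
    """Say whether the bounced original shows a hop stamped by the provider."""
    original = returned_original(email.message_from_string(raw_bounce))
    if original is None:
        return "no-original-attached"
    hops = [m.group(1).lower().rstrip(".")
            for m in map(BY_HOST.search, original.get_all("Received", [])) if m]
    # Hops below the first server you trust can be forged, so a provider hit is
    # a hint to confirm against Sent Mail and the activity list. No provider
    # hop at all means the mail did not go out through the provider's servers.
    if any(h == provider_domain or h.endswith("." + provider_domain) for h in hops):
        return "relayed-by-provider"
    return "from-header-only"

def make_bounce(received_lines):
    """Build a constructed bounce; every host and address here is made up."""
    original = "".join(f"Received: {r}\n" for r in received_lines) + (
        "From: victim@mail.example\nTo: friend@corp.example\n"
        "Subject: come look at this site\n\nlink here\n")
    return ("From: MAILER-DAEMON@corp.example\nTo: victim@mail.example\n"
            "Subject: Undeliverable Mail\nMIME-Version: 1.0\n"
            'Content-Type: multipart/report; boundary="b1"\n\n'
            "--b1\nContent-Type: text/plain\n\nBad domain.\n"
            "--b1\nContent-Type: message/rfc822\n\n" + original + "--b1--\n")

# Constructed sample 1: the original was submitted through the provider's webmail.
VIA_ACCOUNT = make_bounce([
    "from smtp-out.mail.example ([192.0.2.10]) by mx.corp.example with ESMTP",
    "by web7.mail.example with HTTP"])
# Constructed sample 2: an unrelated host connected directly with a forged From.
SPOOFED = make_bounce([
    "from dsl-host.isp.example ([198.51.100.23]) by mx.corp.example with SMTP"])

if __name__ == "__main__":
    for name, raw in (("via account", VIA_ACCOUNT), ("spoofed", SPOOFED)):
        print(name, "->", classify_bounce(raw, "mail.example"))
```
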