Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Escalating Gmail/Spamming Attacks

kdawson posted more than 4 years ago | from the be-careful-out-there dept.

Spam 139

We've been getting submissions about an uptick in compromised Gmail accounts in the last few days, but nothing that could be substantiated. Robert McMillan did a bit of digging and now reports in PC World that "Google is investigating a growing number of reports that hackers are breaking into legitimate Gmail accounts and then using them to send spam messages. The problem started about a week ago but seems to have escalated over the past few days. ... [I]n forum posts, Gmail users note that the hackers appear to be sending spam via Gmail's mobile interface — which gives mobile-phone users a way to check their Gmail accounts — and wonder if there may be a bug in the mobile interface that is allowing criminals to send the spam. ... Google says there's no Gmail bug. ... 'Spammers may sometimes use a mobile interface to access accounts they have already compromised because it's simpler for bots to use this method at large scale.'" Here's how to tell if your Gmail account has been accessed by bad guys, and what to do about it.

cancel ×

139 comments

Sorry! There are no comments related to the filter you selected.

first spam (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31916684)

next time, please suck your shit off my dick you homo.

Happy Birthday Adolph (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31916702)

,d88b.d88b,
88888888888
`Y8888888Y'
  `Y888Y'
    `Y'

#In Memory of Adolf Hitler#
We will always remember
and cherish you. Your
acts of selflessness
will be passed down from
generation to generation.
The lies that dishonor your
name will be vanquished.
You were a true patriot
and a lover of all men,
all races, all religions.
#In Memory of Adolf Hitler#

http://slashdot.org/comments.pl?&sid=20721

Re:Happy Birthday Adolph (0)

Anonymous Coward | more than 4 years ago | (#31917572)

You bastard. I needed this reminder that I share my birthday with one of the lowest life forms ever to have inhabited a human-looking body. Douchebag.

Re:Happy Birthday Adolph (0, Offtopic)

aquila.solo (1231830) | more than 4 years ago | (#31918732)

Happy birthday, AC!

Recent Security Theft at Google (5, Interesting)

teknopurge (199509) | more than 4 years ago | (#31916708)

Wasn't that google sso (Gaia) code ganked recently? Wonder if it's connected....

First bug found? (1)

kyrio (1091003) | more than 4 years ago | (#31916718)

Sounds like the outcome of the stolen login source.

I'd be surprised... (0)

Anonymous Coward | more than 4 years ago | (#31916720)

...if this didn't have an effect in Wall Street.

This happened to my significant other (4, Interesting)

Polarism (736984) | more than 4 years ago | (#31916726)

About a week ago, ironically. She had a pathetic password, so I wasn't too surprised. The upside to the story was that we contained it rapidly, and now she actually USES keepass for all her passwords. Woot! Thanks mister Romanian hacker dude.

Re:This happened to my significant other (1, Funny)

Beardo the Bearded (321478) | more than 4 years ago | (#31916780)

She had a pathetic password, so I wasn't too surprised.

Was it "penis" or "hunter2"?

Re:This happened to my significant other (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31916830)

She had a pathetic password, so I wasn't too surprised.

Was it "penis" or "hunter2"?

He has the pathetic penis password, she uses hunter2.

Re:This happened to my significant other (4, Funny)

drachenstern (160456) | more than 4 years ago | (#31916832)

She had a pathetic password, so I wasn't too surprised.

Was it "cravf" or "*******"?

I don't understand your post. It appears to have been garbled on the way in. Can you repost?

Re:This happened to my significant other (3, Funny)

Conditioner (1405031) | more than 4 years ago | (#31917066)

Oh wow, Slashdot has this cool new feature that masks passwords when you type them in a post !!! check i tout, this is my password: *******

Re:This happened to my significant other (0, Flamebait)

Anarki2004 (1652007) | more than 4 years ago | (#31917464)

orly?

Here's my password: Nicefuckentryyoustupidassholethisisslashdothowstupiddoyouthinkweare?

Re:This happened to my significant other (1)

Runaway1956 (1322357) | more than 4 years ago | (#31917586)

Password: This_is_slashdot_and_some_people_really_are_that_stupid***

Re:This happened to my significant other (2, Informative)

Sique (173459) | more than 4 years ago | (#31919086)

Here's my password: Nicefuckentryyoustupidassholethisisslashdothowstupiddoyouthinkweare?

Which actually means: "I have never read bash.org [bash.org] ."

actual problem is using the same password (4, Interesting)

pikine (771084) | more than 4 years ago | (#31916856)

Apparently this happened to someone I know. She created a third-party web account (in her case, I think it's LinkedIn), entered her Gmail address, and used the same Gmail password for that account. I had to remind everyone I know that some websites *always* check to see if they can log into your e-mail with the password you supplied. Or it could be that the third-party account database was compromised. Either way, always use a different password. A lot of websites apparently store password in clear text, or in non-salted SHA1 or MD5 form so you can easily perform an inverse lookup [sha1-lookup.com] .

After she changed her password, her account is clean again.

Re:actual problem is using the same password (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31916884)

her account may be clean, but her pussy isn't. smells like a dozen armenians ran train on that thing.

Re:actual problem is using the same password (1)

trapnest (1608791) | more than 4 years ago | (#31917154)

I had to remind everyone I know that some websites *always* check to see if they can log into your e-mail with the password you supplied.

[citation needed]

Re:actual problem is using the same password (1)

Sir_Lewk (967686) | more than 4 years ago | (#31917494)

Clearly not all websites do that, it's an exaggeration. It's a damned useful one though, one should always assume it is the case.

Re:actual problem is using the same password (2, Interesting)

0100010001010011 (652467) | more than 4 years ago | (#31917782)

Which is why I use Password Composer [xs4all.nl]

Lets say my 'password' (mor of a salt) is hunter2.

For google.com my password is: 9594ab73
For facebook.com my password is: e288ff0e

You don't even need to use that form, sha1 or md5 (or even doubled up) should work fine.

md5(sha1("slashdot.org"+"hunter2")) should provide an adequately uncrackable password.

Re:actual problem is using the same password (1)

houghi (78078) | more than 4 years ago | (#31919166)

Always using a different password is great, but with many websites and many computers I use (some of them not mine, so things like Xmarks don't work) highly impractical.

Re:This happened to my significant other (0, Offtopic)

Zixaphir (845917) | more than 4 years ago | (#31916954)

The correct term would be coincidentally, not ironically.

They have a point (2, Interesting)

alexborges (313924) | more than 4 years ago | (#31916738)

It makes sense bots would use the mobile interface. Its lighter so it uses less bandwidth, so more spam-per-bots == profit.

Re:They have a point (2, Interesting)

Monkeedude1212 (1560403) | more than 4 years ago | (#31916772)

Not to mention the security on a mobile device is about as strong as a wet paper bag, I wouldn't be surprised if they managed to infect mobile devices instead of just using the mobile interface.

Re:They have a point (2, Informative)

drachenstern (160456) | more than 4 years ago | (#31916848)

There's been quite a bit of talk on this lately. See for instance this post at Sophos (not exactly a no-name company) http://www.sophos.com/blogs/sophoslabs/?p=1156 [sophos.com]

Re:They have a point (1)

Itninja (937614) | more than 4 years ago | (#31916812)

I wish I could make sense bots. That would be awesome.

Got mine too (4, Informative)

gander666 (723553) | more than 4 years ago | (#31916762)

And I had a pretty secure password. Now it is much more secure.

I got lucky, noticed the odd activity (from Texas no less) and jumped all over fixing it.

Re:Got mine too (1)

cosm (1072588) | more than 4 years ago | (#31916842)

If you tell me both passwords, I can tell if they are "not secure at all" fairly quickly.

Re:Got mine too (4, Funny)

WrongSizeGlass (838941) | more than 4 years ago | (#31917026)

old pass: gMALE
new pass: Eyjafjallajökull

Re:Got mine too (1)

Cryacin (657549) | more than 4 years ago | (#31917036)

But you'll need his credit card and SSN as well.

Re:Got mine too (1)

drachenstern (160456) | more than 4 years ago | (#31916858)

Yeah but what's weird for me is seeing the ATT traveling through one of the ATT-partner networks coming out of PA. So 99% of my gmail access tends to be from 2 local IP addresses, but the iPhone shows up as a PA geo-IP.

Go figure.

Point is, people may not realize that their phone is showing up as coming from somewhere not-local and they'll think they've been had. Well, hopefully this group is smarter than that.

Re:Got mine too (1)

HeronBlademaster (1079477) | more than 4 years ago | (#31917238)

I know several people whose mobile phone access shows up as coming from Texas, though they don't live in Texas. Google just uses someone's geolocation database, but carriers like AT&T don't have to follow that... for a while my friend thought his account had been hacked as well, but it was repeatable - clear the list of sessions, then connect from his phone, and a Texas entry would show up.

Have you checked whether that was the case for you?

Re:Got mine too (1)

gander666 (723553) | more than 4 years ago | (#31917290)

Yep, and nope, it wasn't the phone connection. The phone connects via IMAP, and its connections all source from my home state (when I am not traveling). The TX connections were POP3 (I do not ever use POP3) and had odd times of access.

my only sin was that I haven't cycled the gmail password in a couple of years (lazy). Now it is a randomly generated 20 character password from KeePass. Took me 10 minutes to memorize it.

Re:Got mine too (1)

gander666 (723553) | more than 4 years ago | (#31917294)

Well, that isn't my only sin, but the only related one... :-)

Re:Got mine too (1)

wcoenen (1274706) | more than 4 years ago | (#31917538)

Do you use this "pretty secure password" on multiple accounts, other than gmail I mean?

Re:Got mine too (4, Interesting)

Jahava (946858) | more than 4 years ago | (#31917746)

This type of thing happened to a friend of mine. At 1 in the morning I got an e-mail from him advertising Viagra. After some decent analysis we concluded that his illegal copy of Windows 7 was probably to blame. My belief is that the ISO came with a rootkit gratis.

I'm writing this half as a "me-too" and half as a note of caution ... illegal operating system downloads are probably the easiest way someone can infect you. If you're running under such a configuration, I'd re-evaluate the cost ... or consider a better option [ubuntu.com] :)

Re:Got mine too (0)

Anonymous Coward | more than 4 years ago | (#31918952)

I usually laugh when I read crap like this but this did happen to me. It appears someone sent spam to everyone in my address book. What's funny is I use a good password and I watch where I surf. I also don't check my mail via any Google Apps or even the web; I strictly IMAP from my non-jail broken iPhone as well as TBIRD.

I have changed my password since it happened but something is definitely going on at Google. I almost feel like my account wasn't compromised so to speak, it's almost like someone administratively logged in, did some dirty work, and then left.

What's odd on their 'Details' page is one IP I don't recognize:

Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: 166-205-140-229.mobile.mymmode.com
Address: 166.205.140.229

I don't do any third party checking nor check my gmail on mobile other than my iPhone which uses my wireless although perhaps if mymmode.com belongs to ATT, it's possible it was on Edge.

Either way, something definitely happened at Google and wish I knew what. Makes you feel violated, actually.

Re:Got mine too (1)

Fishbulb (32296) | more than 4 years ago | (#31919062)

Mine also had one from TX. Isn't there a big spamhaus in TX?

Very true. (4, Funny)

T Murphy (1054674) | more than 4 years ago | (#31916800)

I can verify this trend. Several of my aunts have switched to Gmail lately, decreasing the spam I get from Hotmail/Yahoo and being replaced by Gmail-based spam.

Re:Very true. (1)

Lavene (1025400) | more than 4 years ago | (#31916862)

I can verify this trend. Several of my aunts have switched to Gmail lately, decreasing the spam I get from Hotmail/Yahoo and being replaced by Gmail-based spam.

I have turned to a whitelist policy when it comes to Gmail. All @gmail.com e-mails go directly into the trash unless I have witelisted that particular address...

Re:Very true. (1)

Blackbrain (94923) | more than 4 years ago | (#31917180)

Doesn't help in this case. I've had two friends get compromised in the last week. In both cases, since I was in their address book, I got V1agra spam from their accounts. The messages were from legitimate white listed Gmail addresses sent from legitimate Google servers.

Re:Very true. (1)

Lavene (1025400) | more than 4 years ago | (#31917352)

Doesn't help in this case. I've had two friends get compromised in the last week. In both cases, since I was in their address book, I got V1agra spam from their accounts. The messages were from legitimate white listed Gmail addresses sent from legitimate Google servers.

Duh! Of course... And I even read TFA! Guess I forgot to connect my eyes to my brain.

Re:Very true. (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#31917198)

I'm glad you misunderstood the GP's post in order to point out that you're a massive pretentious asshole. Thank you.

Breaking in? (2, Interesting)

Itninja (937614) | more than 4 years ago | (#31916900)

Are they really 'breaking in'? If I leave a post-it on my front door that says 'key under mat', and someone uses that to get into my home, I don't believe that's 'breaking in'. So if I have a Gmail password of 'password123', and my account is compromised, can we call that 'breaking in'. Not really sure if computer crime is analogous in this way. Trespassing maybe...

Re:Breaking in? (0)

Anonymous Coward | more than 4 years ago | (#31917068)

Of course it's breaking in. The analogy would be if you if left your laptop outside with a desktop background describing how to get into your email. Even then it still may be criminal

Re:Breaking in? (1, Informative)

Anonymous Coward | more than 4 years ago | (#31917108)

breaking, or more accurately to break and enter does not actually refer to the process of causing damage to enter a property. It is simply the act of breaking or passing through the defined boundary of a house or property you are not supposed to be in. As such you can break and enter a building by walking through an open door.

Re:Breaking in? (1)

DerekLyons (302214) | more than 4 years ago | (#31917132)

And once again, Slashdot blames the victim.

Re:Breaking in? (1)

Tolkien (664315) | more than 4 years ago | (#31917254)

No, Itninja blames the victim. If he's going to single out the victim, lets single out the one throwing stones.

Re:Breaking in? (0, Flamebait)

Itninja (937614) | more than 4 years ago | (#31917368)

Relax junior. I'm not blaming anyone. Just wondering how 'breaking in' is defined with regards to computer crime. For a home, the crime of 'breaking and entering' has a very specific definition. If the door was unlocked for example, and someone came in, it's not 'breaking in'.

Re:Breaking in? (2)

Zardus (464755) | more than 4 years ago | (#31917504)

Having a weak password is more like having a dinky combination lock on your front door, not like leaving it open. If someone comes up to your house and cracks your $2.98 Walmart combo lock, they're still robbing you.

Also, how can you call someone who's ID is well over 600,000 lower than yours a junior? It defies all reason! By common sense, DerekLyons is 3 times your age.

Re:Breaking in? (1)

rliden (1473185) | more than 4 years ago | (#31917532)

That would probably depend on your current residence. In the United States it *is* breaking and entering if you enter another person's home without permission whether your door is locked or not.

Your original analogy is shortsighted. Having a simple password is more akin to having an easily copied house key and not permission to enter a domicile. Your condescending belligerent attitude (relax junior) betrays your lack of intelligence and ability to think critically.

Re:Breaking in? (1)

Itninja (937614) | more than 4 years ago | (#31918714)

If you consider the term 'relax junior' condescending and belligerent, then I am guessing you are living a very sheltered life. One day, when you're ready, you can buy yourself a legal dictionary and know how B&E are defined. Trust me, it's a bit more complex that what a Google search can give you.

Re:Breaking in? (1)

rliden (1473185) | more than 4 years ago | (#31918878)

I didn't Google it and I'm not a lawyer or work with law enforcement. I had this explained to me by the police after a robbery. If the intent is theft you can be charged with burglary; if not, at the least you can be charged with criminal trespass. It may be more complicated, or not, but the bottom line is it's not okay to enter another person's private residence (and it's not limited to private residence) without permission. Blaming someone for having an easily copied key or weak security doesn't and shouldn't imply they are at fault. This is where you original criticism of the victim is weak.

Here is a definition of "Breaking and Entering" from lawyers.com: Breaking and entering [lawyers.com] . Here is the definition of privilege [lawyers.com] from the same source. According to that site those definitions are based on the Merriam-Webster Dictionary of Law. Here is another site that discusses burglary in regards to B&E: Burglary [justia.com] .

Re:Breaking in? (0)

Anonymous Coward | more than 4 years ago | (#31917444)

The victim wouldn't be getting the blame on Slashdot if this was about Hotmail.

Re:Breaking in? (1)

mycroft822 (822167) | more than 4 years ago | (#31917170)

Well in my case they certainly did. The password I had been using was "very secure", or whatever their highest rating of them is called, and somehow they got in to my account to send messages. I saw server bounce messages popping up on emails written in Spanish, so I was fairly certain they weren't coming from me. This was around Jan/Feb though, and from TFA:

The New York Times reported Monday that Google's centralized login system, code-named Gaia, was compromised by hackers in late December.

Re:Breaking in? (2, Insightful)

maxume (22995) | more than 4 years ago | (#31917208)

The problem with that analogy is that the vast majority of door locks have complexity equivalent to 'password123'.

Re:Breaking in? (2, Informative)

JWSmythe (446288) | more than 4 years ago | (#31917424)

    Is that a reference to the antique method of springs and tumblers which can be easily displaced with a pick and a tensioner, or the fact that most residential locks have up to 6 pins cut to one of ten depths (10^6 combinations or less) or the fact that a bump key will open almost any lock that you may encounter?

Re:Breaking in? (2, Interesting)

Mashiki (184564) | more than 4 years ago | (#31917564)

My other gmail account just got yoinked and I'm in the process of recovering it. This account is just fine atleast right now. I use alphanumerics mixed with upper and lower case. And a unique pass on each account. Something...odd is going on.

Re:Breaking in? (5, Interesting)

plf5403 (916926) | more than 4 years ago | (#31917952)

My Gmail account was accessed by the Amazon EC2 cloud about a week ago. (http ://aws.amazon.com/ec2/ ) I have an 18 character upper/lower/numeric/special character password so I'm guessing it wasn't a dictionary attack. "Something" odd is definitely going on. I changed the account password as soon as I was alerted to the unusual IP and have been OK since, but I'm watching the access IP's like a hawk now. An no, I don't use this password for any other web site or application.

Re:Breaking in? (1)

demonlapin (527802) | more than 4 years ago | (#31918664)

I survived only because I had a very-rarely-used account that was my original gmail account, which I used to invite myself to my commonly-used account. It had the critical data - the invitation URL, etc. - that made it easy to get my account back.

But this is definitely a major break-in - I didn't have any spam posted from my account, but I did get password reset requests from Twitter and Facebook. By the time those had occurred, I had already changed the passwords to all involved accounts.

Android? (0)

Anonymous Coward | more than 4 years ago | (#31916904)

I have an Android phone (Moto Droid)... curious to see if anybody else that's been compromised has one, too?

Re:Android? (1)

pizzaandwine (1751362) | more than 4 years ago | (#31917558)

Another (happier) victim with an Android phone here. Unclear to me whether they accessed via Android or not to me. I'd be quite surprised as I run a quite-tight set of Linux ships. Happy because 2 female friends of mine simply wrote "thank-yous" for the link to herbal viagra. It was worth cleaning up the mess.

All this, and more ... (0)

Anonymous Coward | more than 4 years ago | (#31916928)

All this, and more, brought to you by the "Cloud"®.

Gotta love that Cloud® thingy, it's way more secure than old fashioned email.

Convenience kills civilizations, R.I.P., it's already too late for the "Western Posse" so full of narcissism that they can only see profits, and units in a world full of diminishing resources, welcome back to the third world, any day now.

I'll miss it, but hopefully adapt.

Where are your filters now? (4, Interesting)

damn_registrars (1103043) | more than 4 years ago | (#31917088)

Can your filters respond to an avalanche of spam from an increasing number of throw-away email accounts when it is relayed by legitimate email servers? Can your filters handle spam email that changes body, subject, header, relay, and source address? How much time are you putting into these filtering configurations to do that?

Maybe it is time to start thinking about how to actually address the spamming problem now, instead of just dealing with the spam itself. Your filters aren't going to help you forever...

Re:Where are your filters now? (2, Insightful)

icebraining (1313345) | more than 4 years ago | (#31917310)

Maybe it is time to start thinking about how to actually address the spamming problem now, instead of just dealing with the spam itself.

Except that many did, and those solutions were dismissed because they won't work.

Re:Where are your filters now? (2, Interesting)

damn_registrars (1103043) | more than 4 years ago | (#31918168)

Maybe it is time to start thinking about how to actually address the spamming problem now, instead of just dealing with the spam itself.

Except that many did, and those solutions were dismissed because they won't work.

First, your assertion of "they won't work" is false. Groups have managed to disconnect botnets from their controllers during spam floods, and that does effectively stop spam from being sent. It is far more effective than any filter could ever hope to be at reducing spam-driven network traffic. And when people start pooling their resources to take the proper steps to remove spammers from their profit motives, we will see the real difference.

And second, are you actually trying to either defend scaling up filters (in an endless arms race) until the end of time, or are you suggesting instead to do nothing at all (which is equally as useful)?

If people want to actually stop spam, they can't just keep updating filters. Because sticking to filters only increases the cost of spam for everyone.

Re:Where are your filters now? (0)

Anonymous Coward | more than 4 years ago | (#31917520)

Apparently mine can.
I use gmail.
Time spent: 0
False positives: 0
False negatives: <0.01%

Re:Where are your filters now? (0)

Anonymous Coward | more than 4 years ago | (#31917926)

You know what your right. The first time I sent an email by telnet and used a different name/domain name/ip address I couldn't believe how ridiculous the the whole email system is. For crying out loud atleast verifiy the address....

This happened to a family member . . . (3, Interesting)

pacergh (882705) | more than 4 years ago | (#31917116)

And I reviewed her security protocols. She has a Mac and uses Firefox or Chrome exclusively. This leaves out attacks based on Microsoft security holes (un-updated Microsoft installations, etc).

She visits sites while still logged into Google. I wonder if there is some way to do that. The only other thing I can think is that she used her email address to create an account at a compromised or fake website and used that email account's password as the account password.

Nevertheless, I can confirm the unauthorized access was through the mobile interface. In fact, the access point was Portugal.

The only other thing I can think of is somehow her use of Google's software for accessing her email or syncing her calendar through her iPod Touch might have been compromised. Then again, she only connects to the network here. (Unless she left it roaming.)

On a side note, GMail, by default, does not require an SSL connection. I wonder if anyone who was hacked had their settings set to require that.

Anyway, the point is that Google's assertions that accounts are compromised is bogus. If my family member's account was compromised, it was because of an insecurity in Gmail. Either browsing while logged into Google, or by not requiring an SSL connection to access Gmail, I don't know -- but I feel confident the insecurity was not the typical social engineering or browser/chat hole.

As some have said above -- Gotta love the Cloud!

I think I'll keep predominantly to old-fashioned email. After all, Google went and picked a fight with the Chinese. Maybe it isn't state-sponsored hacking, but that doesn't mean it's not Chinese hacking.

Re:This happened to a family member . . . (2, Informative)

trapnest (1608791) | more than 4 years ago | (#31917218)

On a side note, GMail, by default, does not require an SSL connection. I wonder if anyone who was hacked had their settings set to require that.

This used to be the case, but they've changed now. http://www.wired.com/threatlevel/2010/01/google-turns-on-gmail-encryption-to-protect-wi-fi-users/ [wired.com]

Re:This happened to a family member . . . (1)

n1ywb (555767) | more than 4 years ago | (#31917608)

I have "always use https" turned, on, and I was hacked. Then again I used a pretty shitty password.

Happened to one my accounts as well (3, Interesting)

RootWind (993172) | more than 4 years ago | (#31917188)

This happened to a gmail account that I use specifically just to auto-forward e-mails. I never log-in to it since all it does is forward, and it had a pretty secure password. I would imagine a spammer wouldn't just brute-force random accounts?

Re:Happened to one my accounts as well (1)

RootWind (993172) | more than 4 years ago | (#31917296)

This is what was in the details before I changed the password last week:
Mobile Algeria (41.103.164.236) Apr 14 (6 days ago)
Mobile Serbia (94.189.168.76) Apr 14 (6 days ago)
Mobile Saudi Arabia (77.64.47.176) Apr 9
Mobile United States (TX) (208.54.171.181) Apr 7

From people describing that they see Texas and Serbia activity. It sounds almost like it's all the same "entity"?

Re:Happened to one my accounts as well (0)

Anonymous Coward | more than 4 years ago | (#31918158)

The one I found out about was also from a mobile last Saturday, but in the Ukraine

Mobile Ukraine (94.179.112.145) Apr 17

Re:Happened to one my accounts as well (3, Informative)

icebraining (1313345) | more than 4 years ago | (#31917334)

I would imagine a spammer wouldn't just brute-force random accounts?

GMail shows a captcha after a few tries.

Almost, but not really (1)

SpaceGhost (23971) | more than 4 years ago | (#31917196)

As soon as I read this I went to my account, and saw a lot of mobile activity from California. I freaked! Then I had a thought - so I went to my WM6 cell phone and had it synchronize with gmail. Aha! I knew it - my cell phone is really in California. (And some mobile activity may be legit, and the state may be wrong, as I'm in Texas, T-Mobile must route it out there.)

Funny (2, Interesting)

vikingpower (768921) | more than 4 years ago | (#31917216)

A rapid scan shows that most of those who, here on this page AND are complaning about or admitting to having gmail accounts hacked, are within the US. I am in Austria, and know of no compromised accounts whatsoever - friends, acqaintances, etc. etc. Although the Serbian hackers are damn close... Coincidence ?

Re:Funny (1)

Zardus (464755) | more than 4 years ago | (#31917536)

Probably.

Happened to me last week (3, Informative)

tylersoze (789256) | more than 4 years ago | (#31917230)

Yeah this happened to me last week and had a secure 8 character password made up of random letters and numbers. I'm not sure if it was a hack or maybe I just got sloppy and used that same password on some other site were I also provided my e-mail and they somehow got it that way. I'm not sure if I had the SSL setting enabled because when I went to set it, neither the http or https radio button was set. I had also just written up an automated perl server monitoring script a few days before that would use the account to send an automated message (via SSL) but that could have been coincidental, who knows? All they did was send Viagra spam to all the contacts. I immediately changed the password and also made the security question/answer nonsense since I can remember my damn password. Only check the mail from my Macbook or iPhone.

GMail's Security is Crap (5, Interesting)

virb67 (1771270) | more than 4 years ago | (#31917280)

Gmail's security sucks and it's customer service is non-existent. Try getting Google to respond to your attempts to regain control of your own gmail account after it's been hacked.

My friend had her gmail hacked recently. The hackers locked her out, changed her private info, and then sent this email to every single one of her contacts:

"i'm sorry for this odd request because it might get to you too urgent but it's because of the situation of things right now,We are stuck in london right now,we came down here on vacation ,we were robbed, worse of it is that bags, cash and cards and cell phone were stolen at GUN POINT, it's such a crazy experience for us, we need help flying back home, the authorities are not being 100% supportive but the good thing is that we still have our passport but dont have enough money to get on a plane back home, and i need you to loan me some cash just to complete the ticket fee till we are back home to refund it back to you,i'm dead serious about this.hope to read back from you asap."

The hackers then sat logged-in to her account pretending to e her, and chatted with her contacts via gmail chat begging them to Western Union cash ASAP.

Over the course of many hours, we tried to regain control of the account via Google's automated system, but we were repeatedly denied. There was no way to contact an actual human being at Google. After a day of pleading on Google forums, control was finally returned to the accounts rightful owner, but the damage was already done.

Google encourages people to trust gmail with their most sensitive personal data. I think their negligence and lack of response regarding their own products' defects borders on criminal.

Re:GMail's Security is Crap (3, Insightful)

Kalriath (849904) | more than 4 years ago | (#31917360)

Yet 30 seconds on the phone if you were a Google Apps customer and - BANG! - that email would be back under your control. I guess it's the "you get what you pay for" thing.

And yes, I do recognise that your personal info and email messages to datamine is in fact worth something (and therefore a form of payment) but I guess Google doesn't.

Re:GMail's Security is Crap (1)

demonlapin (527802) | more than 4 years ago | (#31918694)

The problem is that I can't just pay Google to do this for me. My account was hacked last week or so - I would have paid $20 on the spot to speak to a human being to get my account reviewed to assure that nothing was compromised, no emails were sent, and for a password reset keyed to my mobile phone. Instead I had to navigate the hacked accounts form.

Re:GMail's Security is Crap (0, Troll)

John Hasler (414242) | more than 4 years ago | (#31917710)

> Gmail's security sucks and it's customer service is non-existent.

If you want customer service become a customer. Users of free accounts are not customers. A business's customers are the people who pay them money: advertisers, in Google's case.

> Google encourages people to trust gmail with their most sensitive personal
> data. I think their negligence and lack of response regarding their own
> products' defects borders on criminal.

You got what you paid for.

For email (Webmail and POP/IMAP) and Usenet I suggest Newsguy. It's an actual business, not an advertising agency.

Recovery Options Slim to None (4, Interesting)

rothstei (1357055) | more than 4 years ago | (#31917288)

Happened to my spouse. Password was more than eight characters, letters, numbers, etc. but I think her work is the likely vulnerability (these free screen savers are great!) No more of that now, obviously. The awful part was trying to get the account back. Because of Gmail's "Swiss Bank Account" set up, there is no way to prove you are the real user. She lost access to Email, Docs, Calendar. She just kept filling out the form, and getting rejected. Google advises to set a security question, but that was the second thing changed, after the password. Only after filling out the form over and over for 10 days, was she finally judged to be "real", and her password was reset. For the cloud to take off, there has to be a better structure. A local admin structure? If we were going to start using Google products again fresh, I would sign us up for a free Apps domain, and then give us each user accounts. (When I first signed up for free Webmail, not only did I not know my spouse, I had no idea much of our data-lives would eventually be linked to the account.) That way, if anything untoward happens, I can login as admin from home and reset the accounts. Unfortunately, I don't think there's a way to link personal accounts into an Apps set up. Not yet anyway (crossing fingers). My other work around is that I set up a proxy double email account, to which my real address forwards everything. If for some reason I need to read my email from an unsecured computer, I log in to the proxy account, where I can read copies of all my mail. If its compromised, I cut it off from the actual account faster than a zombifying limb. Still not a great solution, because all my mail is compromised, but at least I don't lose control of my email address and the rest of my Google account.

Re:Recovery Options Slim to None (2, Insightful)

RJFerret (1279530) | more than 4 years ago | (#31917838)

This is why I don't like having the same cookies/login for multiple sites. I use a Yahoo email for Google Calendar and Google Voice for exactly that reason. But this reminds me to download/archive my calendar. (I know someone who lost their gmail account and there calendar went bye-bye too.)

I wonder if sharing it with another account would insure against that risk?

In my case, I don't put all my eggs in one basket.

Re:Recovery Options Slim to None (1)

demonlapin (527802) | more than 4 years ago | (#31918710)

Crucial take-home message: if you account is ever hacked, having the invitation URL and inviting email address for your invite to GMail will radically simplify the process.

Re:Recovery Options Slim to None (0)

Anonymous Coward | more than 4 years ago | (#31919198)

Setting up account recovery via SMS [google.com] might have helped in this situation as well.

It's happening to quite a few.. (1)

zoid.com (311775) | more than 4 years ago | (#31917478)

I posted the info last night in the thread about someone stealing google's auth code. I don't think it's a dictionary attack. I think it's related to using the password on other sites. Happend to my wife right after setting up a Nike account. No malware detected. I guess it could be fishing sites.

i got more spam at my non-google account (1)

n3v (412497) | more than 4 years ago | (#31917602)

although i also recently started getting Nigerian offers for my craigslist posts from ppl with gmail accounts..

compromised (3, Interesting)

echostorm (865318) | more than 4 years ago | (#31917616)

I seem to have been compromised by Chinese mmorpg gold farmers. They even send their sent mail to the trash, which I find interesting. They have sent over 15 emails already in the past 4 hours advertising the site: www.Mmop.com from ip 58.20.79.212. What is most interesting about this is the fact that the password on this account isn't exactly what I would call easy to guess, and has to have been lifted from another site or source.

/me too (2, Interesting)

self assembled struc (62483) | more than 4 years ago | (#31917636)

happened to me on sunday. and six other friends. 25 people i know since sunday have gotten hit as well.

obnoxiously there's no way to report the incident to google. all the help stuff is self-serve and the "send feedback" link is a closed beta.

i had a 28 character password of numbers, letters (upper and lower case) and punctuation that I only used for gmail, so it's highly doubtful they were able to guess at that.

somehow i feel like this is linked to the theft of their security software

Re:/me too (3, Informative)

DKalkin (1280762) | more than 4 years ago | (#31917690)

obnoxiously there's no way to report the incident to google. all the help stuff is self-serve and the "send feedback" link is a closed beta.

It's irritatingly hard to find, but there is a way to report it. http://mail.google.com/support/bin/answer.py?hl=en&answer=50270 [google.com] My significant other's account got hijacked yesterday and Google did react less than half an hour after we filled out the form.

funny (1)

CHRONOSS2008 (1226498) | more than 4 years ago | (#31917964)

just hilarious

did we all learn something to day ,
oh take back your iPAD's also...

Re:/me too (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31918104)

Instead of starting my own me too I'll just respond to one. I was hit as well. Incidentally, it was on a gmail account I go to paranoid lengths to keep secure. It was on my gmail account I specifically use for my online banking, broker account, etc. I've never sent a single email on it. The password was 20 characters long of random characters, letters, and upper and lower case. The password was not in any way related to any other password I use. Also, I only ever log into this account from an old, tightly secure linux box that I use only for paying bills online and accessing electronic banking--never for general web browsing or anything else at all. I disable wireless on every computing device I own. I have never shared my password either or written it down. Most people say I go to paranoid lengths with computer security and even I was hit. I really have no idea how I was hit. I even use ad block, no script, flash block, and always type in the URL to any site I go to on that box.

Huh? Why the need to break in? (0)

Anonymous Coward | more than 4 years ago | (#31917686)

Don't these guy realize gmail accounts are free? Who hires these guys?

Interesting choices in software (2, Interesting)

griffinme (930053) | more than 4 years ago | (#31918064)

From the page where Google talks about keeping your account secure....
"We can tell you, though, that trying all of these programs often makes a difference, as does having the latest versions.

        * Google Pack - Norton Security Scan, Spyware Doctor
        * Kaspersky Free Virus Scan
        * Spybot Search and Destroy
        * Lavasoft Ad-Aware
        * MacScan"

Norton is not part of the Google pack. Besides, when did it become a good idea to run more then one anti-virus? I always thought that was a good way to cause problems with them fighting each other over a virus.
From the Google Pack page...

"Learn more about Google Pack Software

        * Google Chrome Web Browser
        * Google Apps
        * Google Earth
        * Google Toolbar for IE
        * Spyware Doctor with Anti-Virus
        * Google Desktop
        * Picasa
        * Adobe Reader
        * Firefox with Google Toolbar
        * Google Talk
        * Skype
        * RealPlayer"

What is interesting is that it includes Chrome and Firefox. It is nice to see them recommending Spybot. It has long been a favorite of mine that seems to have lost some of its popularity over the past year or two. On the other hand, they have RealPlayer in the Google Pack and I have despised them for ages.

Keepass And Complex Passwords (1)

darkmeridian (119044) | more than 4 years ago | (#31918580)

I have found that my Google Account password is my most important password. Not only does it have my Gmail since 2004, it also has my Calendar, Voice, Documents, and Checkout. It's pretty freaking terrifying. Interesting question: do I need to split it up amongst different providers? Putting your eggs in one basket is a pretty stupid idea but having everything together is so freaking convenient. Ugh.

Anyway, I use Keepass. I have a 60 character password with symbols, letters, numbers, and the like. That means that I cannot use my Gmail account on public computers that do not have the Keepass software and my password database, but that forces me to keep my discipline. I literally cannot log into my email away from a computer or device that I own.

GMail has always had extremely lax security (2, Interesting)

green1 (322787) | more than 4 years ago | (#31918600)

Although this isn't directly related to this particular occurrence, I think Google has some serious security issues to deal with on the entire gmail platform. I am a forum admin, and I find that the vast majority of spammers who sign up for accounts do so with a gmail account. most of these appear to be bots, they are only marginally slowed down by our captcha, so I suspect they have no trouble with google's either. The fact that such a large percentage of the spam comes from accounts set up through gmail tells me that spammers find it to be the easiest email system to break in to with automated tools.
If I had the option I would simply ban all registrations from gmail accounts, it would eliminate the vast majority of our forum spam. Unfortunately though too many of our legitimate users also use gmail accounts.

This is why (1)

OrwellianLurker (1739950) | more than 4 years ago | (#31918742)

This is why I randomly generate all my important passwords.

a couple of thoughts (0)

Anonymous Coward | more than 4 years ago | (#31918956)

my thoughts are along the lines of "password recovery" compromises
1. your main password should be sick complex and written down
2. with any "password recovery" questions should you should choose one where you can put in a real password and not simply choose an option from a drop down list, the password should be even more difficult than your main password, destroy all copies thereof after entering it into the system including clearing the cache(don't write it down)
3. never give google your phone number since they consider it a viable form of id for password recovery and can be spoofed (or a phone company bot-net master can request your password)

i wish there was a true "no password recovery" option, but till there is that's the best improvisation i can think of

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?