cancel
Showing results for 
Search instead for 
Did you mean: 

Gmail - me hacked?

David_W
Rising Star
Posts: 2,300
Thanks: 31
Registered: ‎19-07-2007

Gmail - me hacked?

I use gmail for unimportant stuff, so I go to log into it today to see if I can use one of their features (Picasa's website, wanted to know if I could set it up with a domain name) and my account was suspended.  Puzzled I put in my phone number and it sent me a text message (wait, google now have my phone number, that's their plan....) and I unlock my account.
Turns out a Brazilian had logged into my gmail account and tried to send spam to all of my contacts, probably a link to a nasty website somewhere or another.
Now, I'm pretty positive Google hasn't been hacked.  I have up to date AV software (Kaspersky) so I'm slightly tempted to rule out keylogging software or a virus, but I'm going to run a scan whilst I go watch neighbours.  I'm actually quite stumped at how they could log in to my gmail account, and even more stumped why google let them log in and send a spam email and then block the account rather than just blocking it when it noted I'd gone from the UK to Brazil in only 3 hours.
Anyone got any ideas?
3 REPLIES
Community Gaffer
Community Gaffer
Posts: 13,582
Thanks: 1,267
Fixes: 103
Registered: ‎04-04-2007

Re: Gmail - me hacked?

Quote from: David
Anyone got any ideas?

Have you logged into your account from a computer that isn't yours recently?

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Community Veteran
Posts: 1,850
Registered: ‎11-08-2007

Re: Gmail - me hacked?

Quote
Now, I'm pretty positive Google hasn't been hacked.

why not?  they use software too.
David_W
Rising Star
Posts: 2,300
Thanks: 31
Registered: ‎19-07-2007

Re: Gmail - me hacked?

Nope, I'm pretty sure I've never logged onto gmail on anything other than my PC or iPhone, but I deleted the account from my iPhone ages ago.  I ran a complete scan with Kaspersky (almost 400Gb worth of files >.<) and that came out clean so, my line of thought is....... I'm an idiot.
Odds are I used my gmail account to sign up to some forum where I didn't want to use my @force9 email address, I don't mind if my gmail gets spam because I rarely use it.  So my thinking is I signed up to a forum using my @gmail with my same password as my gmail password.  Someone managed to hack the forums database and the passwords were saved plain text and not MD5 hashed so they have a huge list of peoples emails with possible passwords and managed to hit lucky with mine.
I've ruled out a virus/trojan, the odds of google being hacked are basically zero, keylogger, kaspersky throws up tons of false positives with that but on the scan didn't find anything untowards, nor did Windows Defender so as far as I can see my system is "clean" which brings it down to user error.  The password I used was 11 letters and numbers so a reverse crack of MD5 without a huge rainbow table is improbable, and is also the same password I use to log into PlusNet, time to change that, luckily it's not the same as my PN email password.
Gah, of course, everywhere now they can google me and if I've used the same password, oh dear, this could be interesting to say the least  Embarrassed
@artificer - if Google had been hacked, it would be a front page story, their database would be behind firewalls and what-not to make it improbable at best, if they were there would be tons of posts out there with "my gmail got hacked!" by now and The Register would pick it up, so I'm going to settle for me being an idiot, although, I really can't remember posting to any forum which doesn't use a forum that uses MD5, it's, confuddling.
/edit - Okily, I googled and turned up a fair few results.  I'm lucky I didn't use gmail for my facebook page else they would have logged in on that too.  So yes, I could have been the victim of an exploit from gmail and not through my own idiocy!