Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Gmail Hacked


  • Please log in to reply
1 reply to this topic

#1 MarcusMaximus

MarcusMaximus

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 28 March 2009 - 02:56 PM

My Gmail account was hacked recently. I think it was a cross site request forgery method was used but apparently thats been fixed http://www.gnucitizen.org/blog/googl...ack-technique/. Any other know reasons. Below is what happened

i received an email from warez-bb.org saying please confirm your registration but i though it was a mistake and thought nothing of it. i then received an email saying i was banned from warez-bb forums for a certain post so out of curiosity i decided to have a look as to why i was banned from a site i never registered or posted on. turns out i couldn't log on using the user name and password they had previously sent me because i was blocked.

I decided I'd check my gmail log on history to see if i could find anything. Turns out i was logged in from 121.96.217.98 and was logged in at 3:30am when i was sound asleep in bed. Somebody hacked my account, they were chating to a friend in the states too. First thing i did was change the password to something even stronger than the previous and change the secret question, changed the hotmail one too as they linked and other passwords too. Restricted pop and imap access and disabled a few google labs gadgets.

My first thought was because my email address was all over recruitment sites with my C.V. but not my password obviously, i thought they might have got the email address and cracked the secret question or something. Next thing i thought was that linked in was hacked and as its the only website i ever let connect to my Gmail contacts i thought the username and password were obtained that way.

I think that im safe now but if anybody has any info as to how this happened, it would be appreciated.
Don't know if this should be in the security section sorry if it is

BC AdBot (Login to Remove)

 


#2 txtchr

txtchr

  • Members
  • 153 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:05:13 PM

Posted 29 March 2009 - 07:26 PM

Don't know how your email was hacked, but I will offer some advice from personal experience:

Check all of your online activity -- especially anything associated with financials like your banking and credit card accounts. Immediately change the password to your online bank account and credit card access and inform them that you may be a victim of identity theft.

If you are in the United States, you can easily put a 90 day fraud alert on your social security number. You may think this is being a bit melodramatic and over the top, but I assure you that if someone accessed your email and it was linked to recruitment sites, whoever did this could possibly have access to all that is needed to steal your identity.

Go to: Experian. At the bottom of the page under the Additional Products & Services section - Credit Report Assistance, click on Fraud Alert. This will bring you to a page where your first option will be to click on Initial Security Alert (90 days). Click on that link. It's a secure site. Once you fill out that information, your information will be provided to TransUnion and Equifax (the other two credit bureaus). You can then print out a credit report if you wish. This 90 day alert can be renewed every 90 days forever if you desire.

Be proactive. If someone has accessed any of your personal information, don't let them walk away with any more of it. You may think I'm an alarmist, but ask anyone who has had their identity stolen and they'll tell you that it all started with something as innocuous-sounding as what you have described.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users