Page 1 of 2 12 LastLast
Results 1 to 25 of 27
  1. #1

    gmail compromised

    Hi,

    I'm desperate to try and figure something out. I logged into my gmail and got the 'your account may have been compromised message'...I wasn't sure what was going on so I logged out and tried to log back on but it didn't work. However, I was in a hurry to go somewhere so when I got to this other place, I went on the internet, logged back into gmail, was able to use my password and everything was fine. I changed it for safety- both passwords old and new had letters, numbers and a special character.

    I am trying to figure out - was this a fluke, or did someone actually break into my gmail (ie: figure out my password somehow)? There is absolutely no evidence that someone was in there - no spam, checked the filters etc.

    Can anyone help?

    Thanks soo much
    pieces

  2. #2
    Join Date
    Nov 2007
    Location
    Dallas, TX
    Posts
    9,064
    Are you sure that you saw that message on gmail.com (or mail.google.com), or could that have been on a phishing site?

    In any event, kudos on changing your account password -- that helps halt any phishing attempt that may have occurred.

    -mike
    Mike G. - Limestone Networks - Account Specialist
    Cloud - Dedicated - Colocation - Premium Network - Passionate Support
    DDoS Protection Available - Reseller Program @LimestoneInc - 877.586.0555

  3. #3
    Join Date
    Jun 2004
    Posts
    2,853
    I agree, you could have typo'd gmail and landed on a fishing site. Either way it's good that you changed your passwords and your old information that was "compromised" is worthless.

    I doubt gmail itself got compromised.

  4. #4
    You got phished.

  5. #5
    wow..thanks so much...forgive my ignorance here, but how would I know that it is a phishing site and not gmail per se? I assume this is just speculation...

    I tested the account with my friend, he logged into my account (with my password) and I logged in at the same time, but I didn't get the compromised message - I was just trying to re-create the scenario, but wasn't able to.

    I have heard of phising - but only in a corporate context, not a web one..

  6. #6
    Join Date
    Jun 2004
    Posts
    2,853
    How did you get to gmail? By going directly to www.gmail.com, or did you click a link in an email with a warning?

    Normally, it's obvious to see in the web address bar if it is a legitimate website or not.

    http://en.wikipedia.org/wiki/Phishing

  7. #7
    Join Date
    Mar 2004
    Posts
    695
    check your preferences in your gmail account, check that your email is not configured to be resent to another account, that was used to steal a domain a few months ago
    Mousa: [as Rambo prepares to play Afghan game 'buzkashi'] God must love crazy people.
    Rambo: [getting on horse] Why?
    Mousa: He make so many of them!

  8. #8
    Perhaps you were using a cafe where the browser was compromised and you got phished, even though you typed gmail.com correctly.
    Webhosting to-check.in
    You manage content, we manage the rest!

  9. #9
    Join Date
    Sep 2006
    Posts
    222
    Does Gmail even give out warning messages like that? This is the first I've heard of it. That may have been a phishing attempt and if so, you've dodged the bullet. For better security in the future, I strongly suggest that you use Gmail's secure login (https://mail.google.com) at all times.

  10. #10
    Join Date
    Nov 2007
    Location
    Dallas, TX
    Posts
    9,064
    Quote Originally Posted by elmister View Post
    check your preferences in your gmail account, check that your email is not configured to be resent to another account, that was used to steal a domain a few months ago
    Interesting. Was it reported in the news media, and if so, do you happen to have a URL?

    I would be interested in reading how exactly this occurred and what went wrong from a safeguard standpoint.

    -mike
    Mike G. - Limestone Networks - Account Specialist
    Cloud - Dedicated - Colocation - Premium Network - Passionate Support
    DDoS Protection Available - Reseller Program @LimestoneInc - 877.586.0555

  11. #11
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    896
    Quote Originally Posted by Mark L View Post
    I doubt gmail itself got compromised.
    I would be even more surprised if it confessed to being compromised.
    I could tell you a joke about UDP. But I'm not sure you would get it!

  12. #12
    Join Date
    Oct 2007
    Location
    Mississauga, ON
    Posts
    377
    If you used your old e-mail password for anything else (I know lots of people that do), go and change it right away; it's compromised.

  13. #13
    Hi,

    Thank you soo much for all your responses!

    Anyway, I was not at a cafe...was at home, but possibly even at home maybe my browser was phished...I did use www.gmail.com to access, but thanks for the mail.gmail.com tip - just tested it, takes me to the same place.

    Funny that I was unable to re-create the scenario and there was no evidence whatsoever of any mails being sent, any unusual activity in my email....and I was able to log ino with my old password so I am hoping that even if someone did break into my account and read these very personal things there...they would have had to guess my security question, which would be hard to do...and then change my password...I was able to access the account with my old password (changed it later for safety).

    Now regarding the security question…I decided to test this myself as I wanted to be sure which security question I put there: I pretended to forget my password and got a link from gmail stating that a ‘password reset’ link had been sent to my hotmail acct (which is the alternative acct set up in gmail)…BUT no pwd reset link ever arrived!! I checked this multiple times! I also tested sending something to and from gmail, and it worked fine. Now, how can someone configure sending only my password link to another address? Which address is it going to? If it is going to the person’s address who I think broke into my email, at least I will know that they have read extremely personal letters. How can I find this out??

    Nothing was reported in the news media...no URLs, no unusual activity that I could see.

    Under my account preferences - the email forwarding feature was disabled and there is no filters set up...I read the fiasco with that stolen domain, that was a horrible situation!

    Thanks guys. This board is awesome. You rock!

  14. #14
    One more piece I forgot....regarding hotmail:I checked the junkmail filters, all folders..nothing. No password reset link from gmail.

    Thanks again for your help.

  15. #15
    ohh..I see it now! Thanks!! It's sisabled...but exceeded 5 posts, so ya...good to know for others posting their first 5 ;-) thanks!

  16. #16
    Join Date
    Sep 2006
    Posts
    222
    Well, regarding the password reset not being sent, I had a similar issue where I changed my password but never received a password reset email at my secondary account (Yahoo). Not sure whether the problem was with Google's end or Yahoo/Hotmail.

    Anyway, to check to see whether your secondary email is correct, just login in to your Google Accounts page and click "Change security question". You should see your secondary account there.

    Edit: Just tested the password reset and it seems that the email arrived safely. Hmm... I think the problem here is that my secondary email was idle for a long time and was rendered temporarily inactive by Yahoo. Maybe the same thing happened with your Hotmail.
    Last edited by Syd_M; 07-18-2008 at 07:07 PM.

  17. #17
    Quote Originally Posted by Syd_M View Post
    Well, regarding the password reset not being sent, I had a similar issue where I changed my password but never received a password reset email at my secondary account (Yahoo). Not sure whether the problem was with Google's end or Yahoo/Hotmail.

    Anyway, to check to see whether your secondary email is correct, just login in to your Google Accounts page and click "Change security question". You should see your secondary account there.

    Edit: Just tested the password reset and it seems that the email arrived safely. Hmm... I think the problem here is that my secondary email was idle for a long time and was rendered temporarily inactive by Yahoo. Maybe the same thing happened with your Hotmail.
    Thanks Syd. Just tested it myself also I can log into hotmail fine, send and receive fine but no sign of the password reset link from gmail. Hotmail acct is obviously in an active status.

    I'm wondering - is it possible to configure an email coming from gmail with 'password reset' in subject line and forward it to another email?

  18. #18
    Join Date
    Sep 2006
    Posts
    222
    Do you mean have your secondary email forward the password reset to another email address? Sure, it's possible. However, Hotmail has crappy forwarding/filtering rules where you can't pick which email to forward. If you set auto-forwarding in Hotmail, then all email will be forwarded. Furthermore, you're only able to forward mail to a custom domain or an e-mail address that ends in hotmail.com, msn.com, or live.com.

    BTW, I tried setting my secondary email to a Hotmail account that I have, then tried the password reset tool again. It worked fine. Try this: stay logged in to your Hotmail account, then try the password reset. If your secondary email was set correctly, then you should receive the email.

  19. #19
    Did you just send a bunch of emails through IMAP? I did that the other day and I ran into a similar problem. I forget the steps I took but everything got cleared up.

  20. #20
    Join Date
    Jul 2008
    Location
    TX USA
    Posts
    7
    My old gmail account was hacked into and Im not sure how as I change my password on a regular basis and I always use good strong passwords. But someone got in, spammed my entire address book and then a day or so later took over the entire account.

    I finally just emailed all my contacts and got rid of the account.

  21. #21
    Join Date
    Mar 2005
    Location
    Houston, TX
    Posts
    275
    Make sure you check your "secret question" for password reset and your secondary email address (where "forgot password" reminders are sent). Those two things are very commonly changed if your account is compromised.

  22. #22

    ....

    Quote Originally Posted by pieces455 View Post
    Hi,

    I'm desperate to try and figure something out. I logged into my gmail and got the 'your account may have been compromised message'...I wasn't sure what was going on so I logged out and tried to log back on but it didn't work. However, I was in a hurry to go somewhere so when I got to this other place, I went on the internet, logged back into gmail, was able to use my password and everything was fine. I changed it for safety- both passwords old and new had letters, numbers and a special character.

    I am trying to figure out - was this a fluke, or did someone actually break into my gmail (ie: figure out my password somehow)? There is absolutely no evidence that someone was in there - no spam, checked the filters etc.

    Can anyone help?

    Thanks soo much
    pieces
    There may not be any evidence and someone could have been in there. I had that happen with AOL, but my account got blocked for spamming. So, as along as you're still able to use your account, I wouldn't worry about it -- just keep the passwords safe and make sure to log out on public computers. I don't know how many times I've gone to e-mail sites on public computers and ended up in someones account.

  23. #23
    Join Date
    Aug 2003
    Location
    St. Louis, Missouri
    Posts
    1,815
    I don't wanna sound stupid, but maybe you saw that message in Google Adsense ad?

  24. #24
    Quote Originally Posted by feutre View Post
    There may not be any evidence and someone could have been in there. I had that happen with AOL, but my account got blocked for spamming. So, as along as you're still able to use your account, I wouldn't worry about it -- just keep the passwords safe and make sure to log out on public computers. I don't know how many times I've gone to e-mail sites on public computers and ended up in someones account.

    Really? If you say that someone may have been in there (without evidence), what are the methods that they could have gained access (other than guessing the answer to my security question in gmail)?

    As well, I still can't figure out why I can't make a successful test of re-setting my gmail password and retrieving the password email successfully in my hotmail account. It is definitely going elsewhere...how can I figure out what address it is going to?

    Thanks so much guys!

  25. #25
    Quote Originally Posted by WHTer View Post
    I don't wanna sound stupid, but maybe you saw that message in Google Adsense ad?

    Thanks ...if I saw the message in a Google Adsense ad, that would be perfect....that would mean this person did not read these extremely sensitive information that I had in my gmail acct and that I don't seem to have a way of verifying :-(((

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •