Results 1 to 25 of 27
Thread: gmail compromised
-
06-26-2008, 05:30 PM #1Newbie
- Join Date
- Jun 2008
- Posts
- 9
gmail compromised
Hi,
I'm desperate to try and figure something out. I logged into my gmail and got the 'your account may have been compromised message'...I wasn't sure what was going on so I logged out and tried to log back on but it didn't work. However, I was in a hurry to go somewhere so when I got to this other place, I went on the internet, logged back into gmail, was able to use my password and everything was fine. I changed it for safety- both passwords old and new had letters, numbers and a special character.
I am trying to figure out - was this a fluke, or did someone actually break into my gmail (ie: figure out my password somehow)? There is absolutely no evidence that someone was in there - no spam, checked the filters etc.
Can anyone help?
Thanks soo much
pieces
-
06-26-2008, 05:35 PM #2Web Hosting Master
- Join Date
- Nov 2007
- Location
- Dallas, TX
- Posts
- 9,064
Are you sure that you saw that message on gmail.com (or mail.google.com), or could that have been on a phishing site?
In any event, kudos on changing your account password -- that helps halt any phishing attempt that may have occurred.
-mike
-
06-26-2008, 05:48 PM #3Web Hosting Master
- Join Date
- Jun 2004
- Posts
- 2,853
I agree, you could have typo'd gmail and landed on a fishing site. Either way it's good that you changed your passwords and your old information that was "compromised" is worthless.
I doubt gmail itself got compromised.
-
06-26-2008, 06:03 PM #4WHT Addict
- Join Date
- Jun 2007
- Posts
- 100
You got phished.
-
06-26-2008, 06:05 PM #5Newbie
- Join Date
- Jun 2008
- Posts
- 9
wow..thanks so much...forgive my ignorance here, but how would I know that it is a phishing site and not gmail per se? I assume this is just speculation...
I tested the account with my friend, he logged into my account (with my password) and I logged in at the same time, but I didn't get the compromised message - I was just trying to re-create the scenario, but wasn't able to.
I have heard of phising - but only in a corporate context, not a web one..
-
06-26-2008, 07:04 PM #6Web Hosting Master
- Join Date
- Jun 2004
- Posts
- 2,853
How did you get to gmail? By going directly to www.gmail.com, or did you click a link in an email with a warning?
Normally, it's obvious to see in the web address bar if it is a legitimate website or not.
http://en.wikipedia.org/wiki/Phishing
-
06-26-2008, 07:09 PM #7Web Hosting Master
- Join Date
- Mar 2004
- Posts
- 695
check your preferences in your gmail account, check that your email is not configured to be resent to another account, that was used to steal a domain a few months ago
Mousa: [as Rambo prepares to play Afghan game 'buzkashi'] God must love crazy people.
Rambo: [getting on horse] Why?
Mousa: He make so many of them!
-
06-26-2008, 07:25 PM #8WHT Addict
- Join Date
- Dec 2007
- Posts
- 157
Perhaps you were using a cafe where the browser was compromised and you got phished, even though you typed gmail.com correctly.
Webhosting to-check.in
You manage content, we manage the rest!
-
06-26-2008, 07:25 PM #9Junior Guru
- Join Date
- Sep 2006
- Posts
- 222
Does Gmail even give out warning messages like that? This is the first I've heard of it. That may have been a phishing attempt and if so, you've dodged the bullet. For better security in the future, I strongly suggest that you use Gmail's secure login (https://mail.google.com) at all times.
-
06-27-2008, 11:05 AM #10Web Hosting Master
- Join Date
- Nov 2007
- Location
- Dallas, TX
- Posts
- 9,064
-
06-27-2008, 08:50 PM #11Web Hosting Master
- Join Date
- Aug 2004
- Location
- Australia
- Posts
- 896
-
06-28-2008, 11:53 AM #12Aspiring Evangelist
- Join Date
- Oct 2007
- Location
- Mississauga, ON
- Posts
- 377
If you used your old e-mail password for anything else (I know lots of people that do), go and change it right away; it's compromised.
-
07-18-2008, 06:47 PM #13Newbie
- Join Date
- Jun 2008
- Posts
- 9
Hi,
Thank you soo much for all your responses!
Anyway, I was not at a cafe...was at home, but possibly even at home maybe my browser was phished...I did use www.gmail.com to access, but thanks for the mail.gmail.com tip - just tested it, takes me to the same place.
Funny that I was unable to re-create the scenario and there was no evidence whatsoever of any mails being sent, any unusual activity in my email....and I was able to log ino with my old password so I am hoping that even if someone did break into my account and read these very personal things there...they would have had to guess my security question, which would be hard to do...and then change my password...I was able to access the account with my old password (changed it later for safety).
Now regarding the security question…I decided to test this myself as I wanted to be sure which security question I put there: I pretended to forget my password and got a link from gmail stating that a ‘password reset’ link had been sent to my hotmail acct (which is the alternative acct set up in gmail)…BUT no pwd reset link ever arrived!! I checked this multiple times! I also tested sending something to and from gmail, and it worked fine. Now, how can someone configure sending only my password link to another address? Which address is it going to? If it is going to the person’s address who I think broke into my email, at least I will know that they have read extremely personal letters. How can I find this out??
Nothing was reported in the news media...no URLs, no unusual activity that I could see.
Under my account preferences - the email forwarding feature was disabled and there is no filters set up...I read the fiasco with that stolen domain, that was a horrible situation!
Thanks guys. This board is awesome. You rock!
-
07-18-2008, 06:49 PM #14Newbie
- Join Date
- Jun 2008
- Posts
- 9
One more piece I forgot....regarding hotmail:I checked the junkmail filters, all folders..nothing. No password reset link from gmail.
Thanks again for your help.
-
07-18-2008, 06:57 PM #15Newbie
- Join Date
- Jun 2008
- Posts
- 9
ohh..I see it now! Thanks!! It's sisabled...but exceeded 5 posts, so ya...good to know for others posting their first 5 ;-) thanks!
-
07-18-2008, 07:03 PM #16Junior Guru
- Join Date
- Sep 2006
- Posts
- 222
Well, regarding the password reset not being sent, I had a similar issue where I changed my password but never received a password reset email at my secondary account (Yahoo). Not sure whether the problem was with Google's end or Yahoo/Hotmail.
Anyway, to check to see whether your secondary email is correct, just login in to your Google Accounts page and click "Change security question". You should see your secondary account there.
Edit: Just tested the password reset and it seems that the email arrived safely. Hmm... I think the problem here is that my secondary email was idle for a long time and was rendered temporarily inactive by Yahoo. Maybe the same thing happened with your Hotmail.Last edited by Syd_M; 07-18-2008 at 07:07 PM.
-
07-18-2008, 07:20 PM #17Newbie
- Join Date
- Jun 2008
- Posts
- 9
Thanks Syd. Just tested it myself also I can log into hotmail fine, send and receive fine but no sign of the password reset link from gmail. Hotmail acct is obviously in an active status.
I'm wondering - is it possible to configure an email coming from gmail with 'password reset' in subject line and forward it to another email?
-
07-18-2008, 08:03 PM #18Junior Guru
- Join Date
- Sep 2006
- Posts
- 222
Do you mean have your secondary email forward the password reset to another email address? Sure, it's possible. However, Hotmail has crappy forwarding/filtering rules where you can't pick which email to forward. If you set auto-forwarding in Hotmail, then all email will be forwarded. Furthermore, you're only able to forward mail to a custom domain or an e-mail address that ends in hotmail.com, msn.com, or live.com.
BTW, I tried setting my secondary email to a Hotmail account that I have, then tried the password reset tool again. It worked fine. Try this: stay logged in to your Hotmail account, then try the password reset. If your secondary email was set correctly, then you should receive the email.
-
07-18-2008, 09:06 PM #19Newbie
- Join Date
- Jul 2008
- Posts
- 9
Did you just send a bunch of emails through IMAP? I did that the other day and I ran into a similar problem. I forget the steps I took but everything got cleared up.
-
07-19-2008, 01:52 PM #20Newbie
- Join Date
- Jul 2008
- Location
- TX USA
- Posts
- 7
My old gmail account was hacked into and Im not sure how as I change my password on a regular basis and I always use good strong passwords. But someone got in, spammed my entire address book and then a day or so later took over the entire account.
I finally just emailed all my contacts and got rid of the account.
-
07-19-2008, 10:58 PM #21Web Hosting Guru
- Join Date
- Mar 2005
- Location
- Houston, TX
- Posts
- 275
Make sure you check your "secret question" for password reset and your secondary email address (where "forgot password" reminders are sent). Those two things are very commonly changed if your account is compromised.
-
07-21-2008, 12:14 PM #22Newbie
- Join Date
- Jul 2008
- Posts
- 5
....
There may not be any evidence and someone could have been in there. I had that happen with AOL, but my account got blocked for spamming. So, as along as you're still able to use your account, I wouldn't worry about it -- just keep the passwords safe and make sure to log out on public computers. I don't know how many times I've gone to e-mail sites on public computers and ended up in someones account.
-
07-22-2008, 03:37 PM #23Web Hosting Master
- Join Date
- Aug 2003
- Location
- St. Louis, Missouri
- Posts
- 1,815
I don't wanna sound stupid, but maybe you saw that message in Google Adsense ad?
-
07-28-2008, 10:21 PM #24Newbie
- Join Date
- Jun 2008
- Posts
- 9
Really? If you say that someone may have been in there (without evidence), what are the methods that they could have gained access (other than guessing the answer to my security question in gmail)?
As well, I still can't figure out why I can't make a successful test of re-setting my gmail password and retrieving the password email successfully in my hotmail account. It is definitely going elsewhere...how can I figure out what address it is going to?
Thanks so much guys!
-
07-28-2008, 10:23 PM #25Newbie
- Join Date
- Jun 2008
- Posts
- 9