• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Gmail accounts being hijacked like crazy

Page 3 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
SpatiallyAware said:
I had another IT friend get hit, also running stock Android. The three people I know who have had their gmail accounts hacked know better than to fall for any of the phishing schemes.
Click to expand...

It'd be interesting to see if they have any common apps between the three of them. Could be a nefarious app...
 
irishScott said:
So I was checking my gmail and now firefox and chrome say google's certificate is invalid. 😛

Oh and my password is pretty damn long with upper case, lower case, numbers and more than a few symbols. Come and get me China. 🙂
Click to expand...

Gosh darn, upper case, numbers and symbols! You sure stumped those L337 Chinese hackers.
 
My wife had her account compromised as well, seems to be the same scheme - gmail account and sends emails out to the whole contact list with the email itself only containing one link. She doesn't have an android phone, or any phone that would run apps.

I concluded that she must have used the same password on an account of a website with questionable integrity/security, and they got it from there.
 
I had the same problem. My account was sending spam to my contact lists. I changed my password and it stopped.

The gmail logs said it was coming from California. The spam message was a referral link to a legitimate pharmaceuticals website.
 
Slightly off topic but my main .msn email got jacked last week. I tried to log in during the morning and my pass didn't work. I thought MSN was on the fritz. I log in to a different email I have and there is an email from my primary saying I am stuck in Spain begging for money to get home. The night before I used an old laptop to check my email that I had retired a while ago. It had IE6 with no recent updates. DOH!!!! I know better; Damnit, I know better, I swear I do! Got control of my account back and found everybody in my address book got the same email. There was an attachment too but no way was I going to open that. 🙁
 
My gmail account was compromised about 4 hours ago. It started sending random emails 2 hours ago. The compromised IP also appeared from California. The password is changed. I know its not a weak password, its 26 numbers and letters long. These accounts are definitely being compromised through other means.
 
thecoolnessrune said:
My gmail account was compromised about 4 hours ago. It started sending random emails 2 hours ago. The compromised IP also appeared from California. The password is changed. I know its not a weak password, its 26 numbers and letters long. These accounts are definitely being compromised through other means.
Click to expand...

There are programs to capture e-mail passwords on wireless networks. It isn't difficult at all to steal them and it's all automated. Always use SSL on public networks. They'll even "call home" and dump the info off.
 
DLeRium said:
That means the data between you and the server. The data between you and a WAP is nowhere near secure... unless you got some nice encryption going.
Click to expand...

That's what SSL does. The only problem with that is somebody doing a man in the middle attack making it look like you've got a secure session when you really don't. This is another reason I will not do anything I don't want stolen over wireless hotspots. One of my specialties is network security and I know what can be done, that's why I won't use them for anything other than casual browsing.
 
spidey07 said:
There are programs to capture e-mail passwords on wireless networks. It isn't difficult at all to steal them and it's all automated. Always use SSL on public networks. They'll even "call home" and dump the info off.
Click to expand...

This is all well and good, but I'm on a college campus. Only wired internet. Web portal is always through https. So none of what you're mentioning applies here.
 
thecoolnessrune said:
This is all well and good, but I'm on a college campus. Only wired internet. Web portal is always through https. So none of what you're mentioning applies here.
Click to expand...
There are lots of possibilities that involve something on your end being compromised. Assuming GMail has been compromised is a little dramatic - the media is gagging for dirt on Google, if this had happened then we'd be hearing about it in much more important places than ATOT.
 
GodlessAstronomer said:
There are lots of possibilities that involve something on your end being compromised. Assuming GMail has been compromised is a little dramatic - the media is gagging for dirt on Google, if this had happened then we'd be hearing about it in much more important places than ATOT.
Click to expand...

Sure there is. But it means compromising is taking place. By a similar entity as well. If they are not exploiting Gmail directly then that means there is a worm that is exploiting some widespread flaw that is as of yet undetected. Would that also not garner attention?

Oh, and ATOT members are not the only members who've reported this.
 
spidey07 said:
That's what SSL does. The only problem with that is somebody doing a man in the middle attack making it look like you've got a secure session when you really don't. This is another reason I will not do anything I don't want stolen over wireless hotspots. One of my specialties is network security and I know what can be done, that's why I won't use them for anything other than casual browsing.
Click to expand...

spidey07 said:
There are programs to capture e-mail passwords on wireless networks. It isn't difficult at all to steal them and it's all automated. Always use SSL on public networks. They'll even "call home" and dump the info off.
Click to expand...

spidey07 do you even know what SSL stands for?
 
Last edited:
Mine wasn't compromised like many of the others here, instead someone was using it to send out Craigslist personal encounter ad's. I thought at first someone was just using the email in the ad, but later realized they were somehow sending messages from it as well. Strangely no other ip's appeared in the log, but I changed the password anyway and it stopped.
 
thecoolnessrune said:
My gmail account was compromised about 4 hours ago. It started sending random emails 2 hours ago. The compromised IP also appeared from California. The password is changed. I know its not a weak password, its 26 numbers and letters long. These accounts are definitely being compromised through other means.
Click to expand...

That's interesting that you had the exact same situation as me.

Do you use your gmail password on other sites? I wonder if some other site got hacked and they're just trying the password for that site on all the gmail addresses.
 
Leros said:
That's interesting that you had the exact same situation as me.

Do you use your gmail password on other sites? I wonder if some other site got hacked and they're just trying the password for that site on all the gmail addresses.
Click to expand...

Nah, the gmail address password is the only place I use that particular code. It was just a randomly created one from a password generator.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top