How easy is it for message boards to be hacked?

Special K

Diamond Member
Jun 18, 2000
7,098
0
76
I had always read about people's email accounts being hacked, but never thought it would happen to me. I never click on random links and always keep my AV/internet security software up to date. Last week my gmail account was hacked by someone in China, and I've been doing a lot of research trying to figure out where I went wrong.

Luckily the perp didn't cause too much trouble - they just sent a poorly-worded spam message about discount electronics to a number of my contacts. Everything else was left unchanged.

From reading similar stories on google's forums, I've come up with the following:

1. Google claims their servers are secure, and that there is no security hole in/through China. I suppose you could dispute this, but I'm leaning more toward option #2 as the root cause.

2. Aside from the obvious schemes used to steal people's passwords - phishing, keyloggers, etc. another possibility mentioned by a google rep was the issue of other websites being hacked, and the login/password data being stolen, distributed, and used.

This is where I think I went wrong. I had been using the same password for nearly every website, including gmail. This had been the case for the past few years. The password was also only moderately secure - 8 random characters with one uppercase, one letter, and no symbols.

Now I'm starting to wonder which site they likely stole my information from. Are the logins/passwords on vbulletin message boards stored in plain text on the server? What about on social networking sites such as Facebook and Linkedin? What about banks? What about online stores such as Amazon and Newegg? How easy is it to hack each of these websites and steal login/password information? I guess I was under the impression that login/password data was stored encrypted on the servers, but maybe not?

As a temporary measure I've generated 10-character random passwords for every site I visit on a regular basis and written them down on a piece of paper, but I'm not sure what to do in the long term. I've thought about going with keepass, but the idea of never actually remembering my password for each individual website seems kind of strange to me. It also seems like I would need to always carry a USB key drive around with me in case I needed to access any of my websites from a different computer.

There's just no way I would be able to remember a unique 10+ character password for each individual website I visit.
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Yes, message boards DO get hacked. It's a bad idea to use the same UserName/Password on sites that are important to you.

You can try pass-phrases, with many characters but using phrases that have meaning to you but to nobody else. Maybe adding some non-alpha characters or changing or leaving out some letters.

Other than that, it's keeping a list or using a password manager.
 

Special K

> Yes, message boards DO get hacked. It's a bad idea to use the same UserName/Password on sites that are important to you.
>
> You can try pass-phrases, with many characters but using phrases that have meaning to you but to nobody else. Maybe adding some non-alpha characters or changing or leaving out some letters.
>
> Other than that, it's keeping a list or using a password manager.

I did a quick search and it seems vbulletin does store the passwords encrypted:

http://www.vbulletin.com/forum/showthread.php?211445-vbulletin-password-encryption

Given that, can a hacker still just steal an unencrypted login/password database from a message board? The more I think about what happened to me, the more I'm thinking it had to be one of the many message boards I am registered with that was hacked.

For some reason I always assumed the passwords were inaccessible or stored in an unreadable/encrypted format.
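
An added example, not part of the thread and not vBulletin's code, for the question above about what a stolen password table exposes when passwords are not kept in plain text. It contrasts a fast unsalted hash with a per-user salted, slow derivation (PBKDF2); the account names, passwords, and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor for this sketch; tune for real hardware

def weak_record(password):
    """Fast, unsalted hash: equal passwords always give equal stored values."""
    return hashlib.sha256(password.encode()).hexdigest()

def strong_record(password):
    """Random per-user salt plus a deliberately slow derivation (PBKDF2)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)

def shared_values(table):
    """Audit helper: groups of users whose stored value is identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts (not real credentials); two users chose the same password.
USERS = {"alice": "Tr0ub4dor", "bob": "Tr0ub4dor", "carol": "correct horse battery"}

WEAK_TABLE = {u: weak_record(p) for u, p in USERS.items()}
STRONG_TABLE = {u: strong_record(p) for u, p in USERS.items()}

if __name__ == "__main__":
    print("unsalted duplicates:", shared_values(WEAK_TABLE))
    print("salted duplicates:  ", shared_values(STRONG_TABLE))
    print("login check:", verify("Tr0ub4dor", STRONG_TABLE["alice"]))
```

Hashing protects only the copy held by the site that does it well; a password reused elsewhere is as exposed as the weakest site storing it.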
 

thescreensavers

Diamond Member
Aug 3, 2005
9,916
2
81
Same, OP: had the same password for everything, got hacked from Korea, and Gmail told me a week late that someone logged in from another country. All they did was create a trial WoW account on my email.

They don't seem to be after creating havoc with your emails, just to register or send a few emails.

I have since changed all my passwords and should be better off, though I still use the same pass for a few things.
 

RebateMonger

> For some reason I always assumed the passwords were inaccessible or stored in an unreadable/encrypted format.

That may be a good assumption. Or maybe not. Programmers make mistakes. Even when they fix them, there's a LOT of message boards that don't keep up-to-date with patches.

I recall a medical records software maker that was using a couple-of-years-old version of a popular bulletin board program that had several known security flaws. Those flaws had been patched by the programmer, BUT the medical software maker hadn't installed the patches.