12 thoughts on “The perils of email: My Gmail account hacked”

  1. Sanjana,
    Your email account may have been ‘hacked’ – a fact you may have confirmed by analysing the email header, but anyone with access to an SMTP server can send emails using your name and email address – the same way I can send an e-card from a website – seemingly in my name and through my own email address, but without having to put in my username and password (when authentication is disabled on the SMTP server).
    http://emailtrackerpro.visualware.com/ has a decent tool to track emails using their header. Might help.
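
The header check the comment above describes, as an added example in Python (it is not code from the original post or from the linked tool): it walks the Received chain from origin to delivery and compares the injecting host against suffixes the caller knows the provider uses. The message, hostnames, addresses and suffix list are constructed for illustration.

```python
import email
import email.utils
import re
from email import policy

# Constructed sample (not a real message): the From line claims a gmail.com sender,
# but the earliest Received hop shows the message was injected at an unrelated host.
SPOOFED_RAW = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.net with ESMTP id abc123; Mon, 1 Jan 2007 10:00:00 +0000
Received: from open-relay.example.com (unknown [203.0.113.5])
\tby mx.example.org with SMTP id def456; Mon, 1 Jan 2007 09:59:50 +0000
From: Someone <someone@gmail.com>
To: victim@example.net
Subject: hello

body
"""

# Each relay prepends its own Received line, so the LAST one is the origin hop.
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.DOTALL)


def received_hops(raw):
    """Return (from_host, by_host) pairs ordered from origin to final delivery."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(value))
        if m:
            hops.append((m.group(1).lower(), m.group(2).lower()))
    return list(reversed(hops))


def sender_domain(raw):
    """Domain of the address in the From header (what the message claims)."""
    msg = email.message_from_string(raw, policy=policy.default)
    return email.utils.parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()


def origin_is_expected(raw, expected_suffixes):
    """Heuristic: the host that first injected the message should end with one of
    the suffixes the caller knows the provider uses for the From domain. Hops below
    the first relay you trust can themselves be forged, so treat this as a triage
    aid, not proof; SPF/DKIM results in Authentication-Results are stronger evidence."""
    hops = received_hops(raw)
    if not hops:
        return False
    origin = hops[0][0]
    return any(origin.endswith(s) for s in expected_suffixes)
```

A False result with a From address at your own provider means the message was most likely relayed from elsewhere in your name, not sent through your account.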

  2. Hi,

    The very first question I have for you is :
    Have you ever used a public computer to log in to your gmail account?

    This could be several months or even weeks to hours depending on which situation you're in. By the time the spammer or the attacker got hold of the address it will be far away from the time your password was collected. So even though you got attacked today doesn’t mean your Gmail got hacked just today. The attacker might have had the info for some time and used it just today! That’s why you have to change your password from time to time. At least every 3 months. My friend who got her gmail hacked got his blogspot blog hacked as well because he was stupid enough to use the same password! Probably it's because he used an insecure log-in as he logged in as legacy “http://www.blogger.com/legacy-claim.g” before google bought it. That log-in doesn’t force the https connection.

    Back to public computers: when you use public terminals you don’t know what monitoring software is running or whether the PC has malware which sends data to the attacker who is far away.

    Personally I recommend you set up one more e-mail account for mobile access. So whenever you go away for a long period you basically set a forward rule to forward mails you get in your “proper” address to your mobile address. So even if you lose your mobile one you can always make another. At first it might be too much work but trust me it will go a long way!

    Another good way is to securely configure your mailbox on your mobile phone and have a size limit in downloading, so you don’t get bogged down. So you don’t have to use public terminals anymore.

    Remember having a great password doesn't make you safe. It's the way you work and think! So think twice! Attackers are smart.

  3. Thanks Haren. However, my Gmail account was in fact hacked since the email was sent through it, to all my contacts on it. FYI, I regularly use Postfix on my Mac to send bulk emails out, so I’m aware of the method you propose.

    What’s disturbing here however is that the spambot actually got into my Gmail account. And as I’ve pointed out in the post, it’s not the first time this has happened either to Gmail accounts.

  4. Sanjana, I’m so sorry to hear that your gmail account got hacked! Thank you for alerting your readers to this issue, since many of us rely on gmail. You’ve done us all a public service, especially by linking to Tiffehr’s post which describes the remedial measures to take in the event of a hack. Best of luck in getting this straightened out. Sending you plenty of moral support from Boston.

  5. Thanks Diane – it could have been worse.

    This does raise the larger issue, for us both, of security for online mediation services that store sensitive client / case details.

    Over the wire and local storage aspects of security can be technically addressed to the maximum degree possible, but botnets are getting more sophisticated and taking over more computers on the web, which of course increases their computing power exponentially. The challenge of user education is also paramount – as I note here, the best security often falls prey to silly practices of its users.


  6. Sanjana, you raise an important point about the vulnerability of online activities to security breaches — particularly for mediators for whom confidentiality is critical. Your point about user education is well taken — it’s not only hackers we must be alert to but also the negligence of users themselves. Your experience has really raised my own awareness. I learned from my own encounter with hacking earlier this year how important it is to have recovery plans in place.

    Thanks again for sharing your experiences, Sanjana. Your blog is one of my very favorite online resources for conflict resolution and technology news and analysis, and I wish you the best as you move forward from this.

  7. Also there might be a Trojan/keylogger on your computer that's recording your gmail logins and sending it to the spammers' central server…

  8. Netduke, thanks for that advice. I’m on a Mac and haven’t yet heard of a key-logger written to run on OS X. I also checked all the active processes as well as TCP/IP traffic and ports and there’s nothing amiss.
