gmail compromised

[RedsB3]

I was wondering if anybody could tell me how some Nigerian scum got into my gmail account, changed the password and security question and forwarded all email to his cell phone in nigeria. I NEVER give out passwords and am really at a loss to see how he accomplished this. I have already scanned my computer for trojans, keystroke software, etc. with several different companies. It took me two days to get it back and I guess I am fortunate. He used it to send all my contacts a plea for money, the old stuck in London with just my passport scam. How do they accomplish this??

 

[lxskllr]

Was your password strong? Maybe you used insecure wireless at one point?

 

[RedsB3]

gmail rated it as strong, but I haven't changed it in over a year. Would it be possible if somebody replied to an ad from craigslist and I replied back with gmail? gmail is the account I use for most everything but my personal contact list and my financial stuff. I was on an unsecure network with my laptop about 4 months ago, not sure if I accessed gmail or not.

 

[lxskllr]

Would it be possible if somebody replied to an ad from craigslist and I replied back with gmail?

No, that wouldn't compromise your password. I'm not sure how it could have happened tbh. Maybe someone randomly picked your name, and brute forced it. Seems like a lot of effort for little pay off, but I guess you never know :^/

 

[sao123]

do you use the same password on other sites?

 

[onza]

i need to get into the habit of using a spam like email and my personal for personal stuff.

 

[RebateMonger]

Security Question?

http://blogs.securiteam.com/index.php/archives/1125

 

[disports]

Ah unfortunately, I suffered the same fate. Except mine said that I suffered an injury (broken arm I think?). I don't know how the individual got into my account but it was a good lesson as I had been meaning to change my password for a while but never got around to it. It certainly helps now that I created even more passwords, they are a lot different, and at least 4-6 characters longer.

 

[RedsB3]

do you use the same password on other sites?

Yes, I have used this password on some forum sites. Don't see how they would get it though unless somebody that works for the forum site is selling them.

 

[sao123]

Yes, I have used this password on some forum sites. Don't see how they would get it though unless somebody that works for the forum site is selling them.

or the forum database is compromised... this is one of the top security vurnerabilities of all time.

once an attacker gets into the DB, that can get your email address and forum password, and voila... all they have to do is try that PW on your email account.


this just happened to like 200,000 facebook users a few weeks ago... and about a million hotmail/yahoo/google mail accounts about 2 months ago.

 

[Scouzer]

ugh, i'm really going to have to change all my passwords to lengthy hash types arent i. great.

 

[RedsB3]

Well, I guess the lesson here is to use a different password for every site. Change your gmail, yahoo, whatever password frequently and hope for the best. Man, what a PITA, I will have a list about 2 pages long.

 

[lxskllr]

Well, I guess the lesson here is to use a different password for every site. Change your gmail, yahoo, whatever password frequently and hope for the best. Man, what a PITA, I will have a list about 2 pages long.

You have to remember too, that some passwords aren't so important. I use the same pass on the forums and minor stuff I belong to. If it gets compromised, it's just a minor irritation. Having good passwords are more important for financial sites and whatnot. They also have password managers that many people use. I don't, so I can't give a recommendation, but Google should be able to help.

 

[seepy83]

You have to remember too, that some passwords aren't so important. I use the same pass on the forums and minor stuff I belong to. If it gets compromised, it's just a minor irritation. Having good passwords are more important for financial sites and whatnot. They also have password managers that many people use. I don't, so I can't give a recommendation, but Google should be able to help.

Password Safe (http://passwordsafe.sourceforge.net/) is a pretty good one for personal use. It's open source and uses twofish for encryption (which, to my knowledge, isn't functionally breakable).

 

[Chiefcrowe]

Agreed - i would change every password you have and also use a password manager to keep track of things.