I suspected my gmail account had been compromised when my stored password didn’t work and I had to change my password after resetting it. Google informed me later that my account was accessed from South Korea twice, at 4:25 and 4:36am, from different IPs that I have whois’d to different Korean ISPs. I updated and ran a quick scan with malwarebytes and found nothing, then I updated Spybot and ran a scan and it didn’t find any malware either. Did Google itself have another security breach? Should I report the IPs to the ISPs?
Why would Google have to have a security breech for this to happen?
All that needs to happen is that you use glowacks@gmail.com as a login for some site, and your gmail password on that same site, and that site gets its data stolen, and now a hacker (or a toddler) has a good guess to go off as to what your gmail password might be.
Heck, you could probably use glowacks@hotmail.com or glowacks@yahoo.com with your gmail password and the process still would be fairly simple.
I had a security breachon my Gmail a week ago today, as a matter of fact. I sent out about 100 messages selling prescription meds and weight loss pills. But I thought it was because I was running a VNC between my IPad and PC, and turned off the firewall because I was too lazy to investigate how to make a firewall exception.
But my hacker was apparently American. I would have lost my account had I not associated with my cell phone number, since my security question’s answer was wrong…
I didn’t use that password for anything else online; I know that as sure as I know the Sun will rise tomorrow. Unless my computer itself (which had stored the password) was compromised, there would be no way for someone to associate my email address with my password.
Thank you for reminding me that most people are idiots though, and that I should have included that important piece of information up front.
Google now offers two-factor authentication for gmail. It’s a bit of a hassle to get it all set up the first time, but is well worth the trouble if you worry that a password alone isn’t providing adequate security. (An Android, iPhone or Blackberry smartphone is required however.)
I saw that, but I don’t have a smartphone. I have a phone that makes phone calls in emergencies, and otherwise tells me the time.
Google’s 2 step verification is pretty painful, but I certainly feel safer.
We shall see if it works.
At one point recently, I was looking through my Sent folder and found spam that had gone out. Glad to have this!