Gmail - unauthorized access?

When I checked my Gmail in a browser, I got a red warning stating that my account was accessed from an unusual IP address.

The picture shows more info about that incident, perhaps this is a service that I don't recognize.
I wonder how I could associate this address with anything that I know about?

Gmail suggested that I changed my password, which I did.

 

did you sweep the machine for malware, just in case?

 

This is exactly the kind of issue I was worried about in this thread that was moved to the privacy forum for some reason. These breaches seem to be happening very frequently to a large number of folks.

I'd echo what Cudni said, though. Have you done a once, or twice-over with various scanners to see if you have any malware on the local system?

 

I got the same message from Gmail a few months ago, I checked my sent folder and there was over 100 spam emails sent to different email address including everyone on my contact list. All of the spam emails were a phishing scam for the Canadian Pharmacy.

I had no malware on my system, I checked with every possible scanner and I was clean. I had no other issues with my computer.

I only visit Gmail from my Firefox bookmark, so it couldn't have been a phishing site that got my password.

I believe that my password was stolen from Google's servers. That was the only reasonable conclusion.
Since I changed my email, there hasn't been anymore problems.

Thanks.

 

Wilbertnl and Littlebits, do you mind my inquiring as to the strength of the passwords you were using at the time of the GMail compromise?

My paranoid suspicion has always been that someone has figured out a way to steal passwords directly from GMail, without requiring the end-user to become infected, Phished, or XSS attacked - But that's a hefty claim, and I'm always uncertain about it. However, if what happened to Littlebits occured in spite of a strong password, maybe GMail actually has been cracked.

 

Not at all, my Google password is unique and generated by a browser extension of lastpass.com and looks like 'bC5bQkhMQ', I generated a new password with increased length of 17 characters and special characters included.

Also I don't see any activity that indicates that this unauthorized access is used to send (spam)mail. Another curiosity is that this incident happened August 5th and I got alarmed yesterday, 10 days later?

I'm more thinking in the line of perhaps I activated some service that I allowed access to my gmail (Some services like Facebook, Plaxo etc ask you to read your contact list), but I just don't recognize the mentioned host.

What do you think?

 

Another option is that gmail was being used on wireless, one of its cookies hijacked by someone else's infected computer on the same network, passed on to the remote hacker who then used the cookie to send mails from gmail.

I recall that gmail had a longstanding issue where even if the user used SSL, the cookies could be obtained by the attacker due to faulty design.

If the password was hacked, then the attacker would have changed the password herself

 

My password was very unique a mixture of letters upper and lower case with numbers generated by Roboform. I don't use wireless internet. What is even more strange is that I never logged out of Gmail, because I didn't have to enter my password to access it.

When I went to Gmail I was already logged on which makes me believe that my password was hacked from Google servers, not from my system or my ISP.

Thanks.

 

This seems to happen to at least one person on any of the forums I frequent about once per week. Many times the afflicted individuals are operating from iPhones, or Linux machines, and very rarely do they find malware if they're running from a Windows based computer.

I'm beginning to think more and more that there is some massive compromise at GMail's end of things. However, this feels like a large claim, and there's no way to investigate it, since Google would never go public if someone knew how to crack their password database / stole passwords from them.

I suppose the alternative possibilities include (1) XSS scripting or (2) wireless compromise. I'm guessing it's likely that XSS attacks from from other sites steal session cookies. Wearetheborg seems correct in assuming that, otherwise, passwords would likely be altered.

Of course, some folks I know of have had their passwords altered, too. That makes me suspicious further, though I don't know how much wireless security plays into those specific cases. I'm not knowledgeable enough to parse that out.