Gmail - unauthorized access?

Discussion in 'other security issues & news' started by wilbertnl, Aug 15, 2010.

Thread Status:
Not open for further replies.
  1. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    When I checked my Gmail in a browser, I got a red warning stating that my account was accessed from an unusual IP address.

    The picture shows more info about that incident, perhaps this is a service that I don't recognize.
    I wonder how I could associate this address with anything that I know about?

    Gmail suggested that I changed my password, which I did.
     

    Attached Files:

  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    did you sweep the machine for malware, just in case?
     
  3. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    This is exactly the kind of issue I was worried about in this thread that was moved to the privacy forum for some reason. These breaches seem to be happening very frequently to a large number of folks.

    I'd echo what Cudni said, though. Have you done a once, or twice-over with various scanners to see if you have any malware on the local system?
     
  4. littlebits

    littlebits Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    262
    I got the same message from Gmail a few months ago, I checked my sent folder and there was over 100 spam emails sent to different email address including everyone on my contact list. All of the spam emails were a phishing scam for the Canadian Pharmacy.

    I had no malware on my system, I checked with every possible scanner and I was clean. I had no other issues with my computer.

    I only visit Gmail from my Firefox bookmark, so it couldn't have been a phishing site that got my password.

    I believe that my password was stolen from Google's servers. That was the only reasonable conclusion.
    Since I changed my email, there hasn't been anymore problems.

    Thanks.:)
     
  5. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Wilbertnl and Littlebits, do you mind my inquiring as to the strength of the passwords you were using at the time of the GMail compromise?

    My paranoid suspicion has always been that someone has figured out a way to steal passwords directly from GMail, without requiring the end-user to become infected, Phished, or XSS attacked - But that's a hefty claim, and I'm always uncertain about it. However, if what happened to Littlebits occured in spite of a strong password, maybe GMail actually has been cracked.
     
  6. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Not at all, my Google password is unique and generated by a browser extension of lastpass.com and looks like 'bC5bQkhMQ', I generated a new password with increased length of 17 characters and special characters included.

    Also I don't see any activity that indicates that this unauthorized access is used to send (spam)mail. Another curiosity is that this incident happened August 5th and I got alarmed yesterday, 10 days later?

    I'm more thinking in the line of perhaps I activated some service that I allowed access to my gmail (Some services like Facebook, Plaxo etc ask you to read your contact list), but I just don't recognize the mentioned host.

    What do you think?
     
  7. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Another option is that gmail was being used on wireless, one of its cookies hijacked by someone else's infected computer on the same network, passed on to the remote hacker who then used the cookie to send mails from gmail.

    I recall that gmail had a longstanding issue where even if the user used SSL, the cookies could be obtained by the attacker due to faulty design.

    If the password was hacked, then the attacker would have changed the password herself
     
  8. littlebits

    littlebits Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    262
    My password was very unique a mixture of letters upper and lower case with numbers generated by Roboform. I don't use wireless internet. What is even more strange is that I never logged out of Gmail, because I didn't have to enter my password to access it.

    When I went to Gmail I was already logged on which makes me believe that my password was hacked from Google servers, not from my system or my ISP.

    Thanks.:)
     
  9. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    This seems to happen to at least one person on any of the forums I frequent about once per week. Many times the afflicted individuals are operating from iPhones, or Linux machines, and very rarely do they find malware if they're running from a Windows based computer.

    I'm beginning to think more and more that there is some massive compromise at GMail's end of things. However, this feels like a large claim, and there's no way to investigate it, since Google would never go public if someone knew how to crack their password database / stole passwords from them.

    I suppose the alternative possibilities include (1) XSS scripting or (2) wireless compromise. I'm guessing it's likely that XSS attacks from from other sites steal session cookies. Wearetheborg seems correct in assuming that, otherwise, passwords would likely be altered.

    Of course, some folks I know of have had their passwords altered, too. That makes me suspicious further, though I don't know how much wireless security plays into those specific cases. I'm not knowledgeable enough to parse that out.
     
Loading...
Thread Status:
Not open for further replies.