Email Hacked - but how?

[DBWebDev]

My gmail account sent spam to everyone in my contacts, one email per every few contacts, each contact in the "to:" field. I'm not retarded so I've never been phished, I only use my email password for that account as well.

Gmail shows an IP of 88.181.240.174 logging in from France using the mobile interface at around the time it happened.

Anyone got any ideas on how they did it? I've changed my password but I'm really pissed off. I've never had any account of mine comprimised, and I want to make sure it doesn't happen again. I remember a while back there was an exploit on Hotmail and loads of accounts got comprimised on the server side, has anyone heard of something similar happening?

 

[Human]

My gmail account sent spam to everyone in my contacts, one email per every few contacts, each contact in the "to:" field. I'm not retarded so I've never been phished, I only use my email password for that account as well.

Gmail shows an IP of 88.181.240.174 logging in from France using the mobile interface at around the time it happened.

Anyone got any ideas on how they did it? I've changed my password but I'm really pissed off. I've never had any account of mine comprimised, and I want to make sure it doesn't happen again. I remember a while back there was an exploit on Hotmail and loads of accounts got comprimised on the server side, has anyone heard of something similar happening?

Jesus, the same thing happened with one of my oldest email accounts, no joke. I wouldn't have known it until I got a text message, since my cell phone email was in my contacts list for picture uploads.

Some .webs subdomain that looked funny and sent me to a Viagra site. Was yours like this?

 

[BluuueJammm]

could have just been a brute force attack if you use anything other than a random string for your password. Also you ever used it to log on outside of your own connection? Once you do that there are multiple ways of having it taken.

 

[Magic Hat]

Have you logged in at a public place or like a friends computer?

 

[DBWebDev]

@Human: It wasn't a .webs subdomain no, was just bog standard pharma spam on random letter domains.

@BluuueJammm and Magic Hat: I haven't logged in anywhere public or unsecured, that's why I can't understand how it's happened. Could have been bruteforced as it was only lowercase letters and they were all words found in the dictionary.

 

[envision]

bruteforced as it was only lowercase letters and they were all words found in the dictionary.

There's your answer.

Most likely.

Other options:

• using open WiFi hotspots, public or your friendly neighbor's
• using the same password at other places (e.g. sign up to site xyz using your Gmail account and the same pass, xyz admin checks xyz pass on Gmail)
• signing on to any other Google services on a compromised friend's, relative's or public computer. Google accounts are linked, one passwd unlocks all.

 

[HotHat]

Maybe you have a keylogger on your machine.

 

[ayzo]

Theres a exploit out there for google docs, if you're logged in and view a malicious doc the attacker can get access to your whole account.

 

[tainted]

• using the same password at other places (e.g. sign up to site xyz using your Gmail account and the same pass, xyz admin checks xyz pass on Gmail

• Probably this. Except the site got hacked. Had it happen to me.

 

[Lapris]

God forbid, you have a virus which has no definition file written for it, and it can evade all current heuristics.....

:R:

 

[PSU4Life]

...Also you ever used it to log on outside of your own connection? Once you do that there are multiple ways of having it taken.

What do you guys do while traveling and you can't use your own connection? Is buying a VPN for a few bucks a month all we need to do?

 

[RockDiesel]

Had an old hotmail of mine get hacked. Went through my old contacts list and started sending out spam like no other. I think the only reason I found out was because my new email was in my old emails contacts list for some reason, so I got one of the emails.

Anyways, after that. I changed every single password of mine to a mix of lowercase,uppercase,numbers, and symbols.

I use Password generator to generate good, secure, random and easy to remember passwords.

You can set all the parameters you want for the password.

 

[JarredLv]

Yup, same thing happened to me a few days ago. Any AM's who got an email from me (my e-mail resembles part of my WickedFire name), I apologize. I have a suspicion it was brute forced as well. It wasn't the strongest of passwords.