
Argh spam sent from my email address, hacked?

Argh spam sent from my email address, hacked? Caitlin07 3/11/10 8:51 AM
Hi, just reporting this and wondering how it's happened; my password wasn't common. This morning I discovered my email account had spammed contacts at 7.03 gmt, whilst none of our computers were on and I always sign out. I immediately changed my password and have now checked through the settings; nothing else seems to have changed. This was the spam sent:

Hello,
Dear friend, How are you doing?
I find a site to sell electronic products with very good price. Laptop, DC and Cellphone even Motorcycle are very popular. Their products are original quality with very low price as wholesale business supplier. They also can do retail business for end user now. Maybe it is fit for your business . If you like you can contact them . Website: www.shopcnwrf.com
 

Wish you everything goes well.
Best regards.







Please Also Include:
Operating system Winxp
Program and version you use to access Gmail Firefox
Your antivirus software Avira and avast, superantispyware, zonealarm (laptop, netbook and pc)
Any extensions, toolbars or plug-ins:noscript and WOT
Re: Argh spam sent from my email address, hacked? chau328 3/11/10 11:08 AM
I got the same problem. My Gmail account was somehow hacked and sent out similar message to all of my 400 or so contacts! I had to change password right away and deleted any saved confidential emails.
Re: Argh spam sent from my email address, hacked? bkc56 3/11/10 3:18 PM
If your account has been compromised/hacked/stolen you will need to check and fix at least all of the following things:

Account Security:
Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and secondary e-mail address]

Potential Spam:
Settings -> General -> Signature [make sure nothing has been added]
Settings -> General -> Vacation Responder [make sure it's disabled and empty]

E-mail Theft

Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]

Additional Information
Keeping account secure:  https://mail.google.com/support/bin/answer.py?hl=en&answer=46526
Protecting your account:  https://mail.google.com/support/bin/answer.py?hl=en&answer=29407
More account security info:  http://www.google.com/help/security/
If your account is compromised:  http://mail.google.com/support/bin/answer.py?hl=en&answer=50270
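The checklist in the post above, expressed as an automated audit. This is an added example, not part of the original post: the input layout follows the settings resources of the present-day Gmail API (an assumption, since the thread predates that API), and both sample accounts are constructed.

```python
# Added example. Field names follow the Gmail API users.settings resources
# (vacation, sendAs, filters, autoForwarding, pop, imap); data is constructed.

def audit_settings(settings, owner, known_signature=""):
    """Return (area, finding) pairs for every item the checklist says to fix."""
    findings = []
    owner = owner.lower()

    # Vacation Responder: must be disabled and empty.
    vac = settings.get("vacation", {})
    body = vac.get("responseBodyPlainText") or vac.get("responseBodyHtml") or ""
    if vac.get("enableAutoReply"):
        findings.append(("vacation", "auto-reply enabled: %r" % body[:50]))
    elif body.strip():
        findings.append(("vacation", "disabled but text left behind: %r" % body[:50]))

    # Send Mail As must use the owner's address; Signature must be unchanged.
    for alias in settings.get("sendAs", []):
        addr = (alias.get("sendAsEmail") or "").lower()
        if addr != owner:
            findings.append(("sendAs", "unexpected sender address " + addr))
        reply_to = (alias.get("replyToAddress") or "").lower()
        if reply_to and reply_to != owner:
            findings.append(("sendAs", "replies diverted to " + reply_to))
        sig = (alias.get("signature") or "").strip()
        if sig != known_signature.strip():
            findings.append(("signature", "changed: %r" % sig[:50]))

    # Filters: none may forward or delete mail.
    for flt in settings.get("filters", []):
        action = flt.get("action", {})
        crit = flt.get("criteria", {})
        if action.get("forward"):
            findings.append(("filter", "forwards %r to %s" % (crit, action["forward"])))
        if "TRASH" in action.get("addLabelIds", []):
            findings.append(("filter", "deletes mail matching %r" % (crit,)))

    # Forwarding, POP download and IMAP access: disabled unless you set them.
    fwd = settings.get("autoForwarding", {})
    if fwd.get("enabled"):
        findings.append(("forwarding", "all mail copied to " + fwd.get("emailAddress", "?")))
    pop_window = settings.get("pop", {}).get("accessWindow", "disabled")
    if pop_window != "disabled":
        findings.append(("pop", "POP download enabled (%s)" % pop_window))
    if settings.get("imap", {}).get("enabled"):
        findings.append(("imap", "IMAP access enabled"))
    return findings


# Constructed sample: an account left in the state several posters describe.
COMPROMISED = {
    "vacation": {"enableAutoReply": True,
                 "responseBodyPlainText": "Hello How are you doing recently?"},
    "sendAs": [{"sendAsEmail": "user@example.com", "signature": ""}],
    "filters": [
        {"criteria": {"from": "no-reply@example.org"},
         "action": {"addLabelIds": ["TRASH"]}},
        {"criteria": {"to": "user@example.com"},
         "action": {"forward": "collector@example.net"}},
    ],
    "autoForwarding": {"enabled": False},
    "pop": {"accessWindow": "allMail"},
    "imap": {"enabled": False},
}

# Constructed sample: the same account after clean-up.
CLEAN = {
    "vacation": {"enableAutoReply": False},
    "sendAs": [{"sendAsEmail": "user@example.com", "signature": "Regards, U"}],
    "filters": [{"criteria": {"from": "list@example.org"},
                 "action": {"addLabelIds": ["Label_1"]}}],
    "autoForwarding": {"enabled": False},
    "pop": {"accessWindow": "disabled"},
    "imap": {"enabled": False},
}

if __name__ == "__main__":
    for area, finding in audit_settings(COMPROMISED, "user@example.com"):
        print("%-10s %s" % (area, finding))
```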
Re: Argh spam sent from my email address, hacked? Caitlin07 3/12/10 10:12 AM
Thanks :) I've checked through everything and no changes evident bar the one spam email to all my contacts :(, but it has made me apprehensive re security.
Re: Argh spam sent from my email address, hacked? bkc56 3/12/10 10:40 AM
You might also do some serious scanning of your computer for virus/adware/malware infections.
Re: Argh spam sent from my email address, hacked? mulgy 3/12/10 2:07 PM
I had the same problem, and it was good to see it wasn't just me. I followed the advice and hopefully that will be it sorted. Thanks Guys.

Mulgy

Operating system : Linux Debian
Program and version you use to access Gmail : Sylpheed-Claws
Antivirus software : ClamAV
Re: Argh spam sent from my email address, hacked? eunchoi1 3/14/10 11:43 AM
The same thing has happened to my account. The only unusual activity of late is that I checked my Facebook account after almost 6 months of inactivity and the very next day the hacking occurred. Could there be a connection?
Re: Argh spam sent from my email address, hacked? parwyn 3/14/10 9:23 PM
This also happened to my account.
 
I'm on windows 7 myself.
Re: Argh spam sent from my email address, hacked? mcaoxol 3/15/10 8:47 AM
This happened to my account, which is very odd because there are two other email accounts which I frequently use on this computer and neither of them had the problem. One of them even uses the same password. 

Also, I find it very unlikely that I've downloaded any worm from an .exe file, as I'm pretty careful about only downloading programs from trusted sources.

Operating system: Vista
Program: Chrome 4.0.249.89
Antivirus: PC-cillin
Re: Argh spam sent from my email address, hacked? darnit55566 3/15/10 6:09 PM
I have only used my iPhone to connect to my primary (the victim account) Gmail in the last few months and I had the same thing happen to me. I have two other Gmail accounts and I use my home PC to access them. They are unaffected. My home PC is scanned by Spybot, Maleware, and Symantec...all of which are up-to-date.

The issue happened on Sunday morning. I was in the DFW airport on Friday and tried many times to connect with my iPhone to a "free" wi-fi connection. It just seemed to hang. I tried to check my Gmail and Facebook, but nothing seemed to work. I am willing to bet the "free" wi-fi connection was gathering passwords or something. I changed my Facebook password the second I learned about the Gmail issue.  Anyway, did anyone else try to connect to a suspicious wi-fi account?

Oh, and the Chinese just stole the Gmail source code (it was in the news a few weeks ago), so I wonder if this is connected.
Re: Argh spam sent from my email address, hacked? Tisa P 3/17/10 8:29 AM
This happened to my account this morning and it appears that my account has been compromised.  Recent activity shows that my account was accessed from an IP address at the exact time the message was sent from my account.  I was connected via my mobile shortly after the event transpired.  You can report the issue using the following link http://mail.google.com/support/bin/answer.py?answer=45938.
Re: Argh spam sent from my email address, hacked? Caitlin07 3/17/10 12:06 PM
I've treble checked our computers,  and all seems healthy with regard to any viruses etc so still a mystery as to how accessed, though I did also access gmail through my phone but on standard mobile wap so thought should be secure enough!
Can I ask was it the same message my account sent out that others on this thread experienced or just other random spam email? I would hope if same message that google could maybe find the attacker?
Re: Argh spam sent from my email address, hacked? denS 3/18/10 5:41 AM
I had the same problem with Google yesterday sending to everyone including our company president (I use this home e-mail also for overseas (China) representative communications, frequently at night).  The only issue that was strange before it happened occurred the night before that, when I left my computer on all night downloading a special offer for "Paintshop Pro X3", which failed to download successfully, and in the morning I had an indication of a compromise of my NVidia driver, which I thought was strange.  I aborted the download and restarted computer, perhaps a mistake.
After realizing the compromise of Google I have changed to a complex password after years of a simple one, but from what I read there may be more to this than just password.  I subsequently reloaded Paintshop pro that evening successfully and it runs correctly.  The message you reference is the same as I had with a China site address
Re: Argh spam sent from my email address, hacked? jessicasun777 3/22/10 3:17 PM
Hi guys, need some help here, I am having the same problem twice!
I realized I was spamming people on my contact list (yesterday) so I changed my password and reset all my settings.
But, it happened again this morning and I'm starting to spam people again.

How does this keep happening, and what can I do?
To my knowledge my computer is virus free
Re: Argh spam sent from my email address, hacked? sharonrenee80 3/22/10 3:18 PM
This happened to me. 99% sure the hackers got my email either from Gmail or my IPhone. 
Re: Argh spam sent from my email address, hacked? m4surveys 3/22/10 5:10 PM
Check your "Vacation Responder" in "Settings".

I started getting these today (3/22/09), somebody got in and set up the responder to send out this message...

"Hello
How are you doing recently?
I would like to introduce you a very good company which i knew. Their website is   www.ebakm.com  They can offer
you all kinds of electronical products which you need,like Laptops ,GPS ,TV LCD,Cell Phones,PS3,MP3/4,Watch etc........
Please take some time to have a check ,there must be something you 'd like to purchase .
Hope you have a good mood in shopping from their company !
Best Regards!!!"

Sound familiar? ARgggh!

Anyway I turned it OFF and upped my password a little bit.

No biggie, I  use this acct for "Junk Mail" mostly, just annoying.
Re: Argh spam sent from my email address, hacked? m4surveys 3/22/10 5:13 PM
Hey!

Also been looking all over to find where to report stuff like this to Google???
This forum was about it. Does Google care?
Re: Argh spam sent from my email address, hacked? m4surveys 3/22/10 5:18 PM
One more thing...
That was a CHINESE web site, I guess they are in full electronic warfare mode against Google now! ;-(
Re: Argh spam sent from my email address, hacked? rviradia 3/22/10 10:38 PM
CRAP, the same thing just happened to me!  and I have nothing running on my PC, me thinks there is a hole in gmail
Re: Argh spam sent from my email address, hacked? rviradia 3/22/10 10:52 PM
I have a palm pre, I checked last logins in gmail and they were from sprint & my comcast pc, I NEVER use a public network.  I'm pretty sure gmail has a hole somewhere.  For now I backed up my 700 contacts and deleted them all from gmail, this is very embarrassing.

Re: Argh spam sent from my email address, hacked? bkc56 3/22/10 10:56 PM
me thinks there is a hole in gmail

That's a convenient suspicion, but highly unlikely.  There are many ways to gain access to an account.  Even if your computer is clean, options range from simply phishing to leaving an account logged in when you walk away from your computer.

One's time is best spent re-securing your account and attempting to figure out how the account breach happened.
Re: Argh spam sent from my email address, hacked? rviradia 3/22/10 11:00 PM
bkc56, how do you explain;

jessicasun777
Level 1
6:17 AM
Hi guys, need some help here, I am having the same problem twice!
I realized I was spamming people on my contact list (yesterday) so I changed my password and reset all my settings.
But, it happened again this morning and I'm starting to spam people again.
Re: Argh spam sent from my email address, hacked? bkc56 3/22/10 11:15 PM
bkc56, how do you explain;

Any of the following, and even more that I haven't tried to document yet.


Hacking Methods
There are many ways an account can be compromised/hacked.  A few (but by no means all) of the common ones follow, somewhat in order of frequency used:

Phishing

 * Requesting (often with threats of closing an account) a user to provide login/password information by return e-mail or by redirecting to a web-site that masks itself as legitimate.
 * Never respond to an e-mail that requests your login:password.  Never follow a link that doesn't go to a known url (for example:  http://gmail.google.com/ is NOT the same as http://gmail.google.com.junk.ru/).  Be aware that the url printed in the message may not be where the link actually goes, so verify before you click.
 - Phishing:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8253
 - Reporting:  https://mail.google.com/support/bin/answer.py?hl=en&answer=29381
 - Scams: http://mail.google.com/support/bin/answer.py?hl=en&answer=29380
Common password usage
 * Using the same password for multiple accounts so if someone breaks into one (like Facebook) they can get into others.  Getting access to an e-mail account can often lead them to Paypal, Ebay, YouTube and many other accounts.
 * Make sure you use a unique password for every site where you have an account.  Especially critical for financial sites, or sites with links to other accounts (like social networking or e-mail sites).
 - Changing passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=6567
 - Selecting passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=29409
Linked accounts
* Related to the above in that one account has information leading to other accounts.  If they gain access then they know about the other accounts too.  This is hard to protect against when a forum or social networking site requires an e-mail address (if they break into the one site, look at your settings, they know your e-mail address too).
* Do not store login:password information in an e-mail account where it can be accessed should the account be compromised.  Also consider a "junk" e-mail address for all forum/web-site registrations so it does not lead back to your primary account.
Failing to log out
 * Failing to close your account on a computer that others have access to (like at work, school, or library) so that anyone else can access your account.
 * Always close your account when you walk away from your computer (even at home for some people).
 - Sign out:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8154
Browser auto-fill enabled
 * Like the above, having the browser configured to enter your login/password automatically so anyone using the computer can gain access to your account.
 * Never use the browser's auto-fill capabilities unless you're on a 100% private, secure, and trusted computer.
 - Clear saved data:  http://mail.google.com/support/bin/answer.py?hl=en&answer=12095
Keylogger
 * Any computer accessible by others can have a keylogger installed which will capture your login/password for any site you visit.
 * Never log into your account on a public computer (like at a library) and be very cautious using any computer that others have access to (like at work or school).
Trojan/Virus/Malware
 * While not strictly used to steal an account, could do damage to your account or use it to send spam while you're logged in.
 * Always keep virus scanners enabled, and using up-to-date definition files.  Regular use of malware type scanners is good too.
 - Virus protection:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8493
 - Anti-virus scanning:  http://mail.google.com/support/bin/answer.py?hl=en&answer=25760
Password guessing
 * A brute-force method of guessing someone's password, made easier if they know you in real-life, especially if you use a weak password (like a kid's or spouse's name).
 * Follow standard password generation safeguards:  no common words or proper names, no patterns (1234 or qwerty), use mixed case and include numbers or punctuation, etc.
 - Strong passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=29409
Server attack
 * When someone compromises a company's server gaining access to account or private information for a large number of users.  This is typically seen in large identity-theft cases.
 * Nothing you can really do about this except deal with only reputable companies with good privacy policies.
Network packet capture
 * Using software or hardware on wireless or free hot-spot networks to capture information.  Pretty rare, but still possible for non-encrypted networks.
 * Very little you can do about this except avoid using any unsecured wireless networks.
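The two link checks from the Phishing item in the post above (does the link really go to the known site, and does the printed url match where the link goes), as an added example that is not part of the original post. The trusted-domain list and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: the only parent domain the reader trusts.
TRUSTED_DOMAINS = ("google.com",)


def host_of(url):
    """Return the lower-cased host a URL (or bare host/path) points at."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:          # malformed URL: treat as having no host
        return ""


def naive_is_trusted(url):
    """Flawed check: looks for the trusted name anywhere in the URL."""
    return any(domain in url for domain in TRUSTED_DOMAINS)


def is_trusted(url):
    """Correct check: the host must be the domain itself or end in '.domain'."""
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html):
    """Return [(href, [problems])] for each link in an HTML message body."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    report = []
    for href, text in collector.links:
        problems = []
        target = host_of(href)
        if not is_trusted(href):
            problems.append("target host %s is not under a trusted domain" % target)
        # Only compare when the visible text itself looks like a URL or host.
        if text and " " not in text and "." in text:
            shown = host_of(text)
            if shown and shown != target:
                problems.append("text shows %s but link goes to %s" % (shown, target))
        report.append((href, problems))
    return report


# Constructed message body using the look-alike host from the post above.
SAMPLE_HTML = (
    '<p>Please sign in at '
    '<a href="http://gmail.google.com.junk.ru/">http://gmail.google.com/</a>. '
    'See also <a href="https://mail.google.com/support/">the help pages</a>.</p>'
)

if __name__ == "__main__":
    for href, problems in audit_links(SAMPLE_HTML):
        print(href, "->", problems or "ok")
```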

Re: Argh spam sent from my email address, hacked? rviradia 3/22/10 11:22 PM
When I go to details in gmail, why was I the only IP that has logged in when the incident occurred?
Re: Argh spam sent from my email address, hacked? bkc56 3/22/10 11:29 PM
Who knows.  The obvious answer is some sort of malware/adware on the computer that was signed in, but I doubt that's the only possibility.

But let me back up a bit.  Above when you said "the same thing just happened to me", by "same thing" did you mean your Vacation Responder or Signature were modified to send out the message?
Re: Argh spam sent from my email address, hacked? rviradia 3/22/10 11:33 PM
My vacation & signature seem to be both clear & off

Thanks
Re: Argh spam sent from my email address, hacked? bkc56 3/22/10 11:40 PM
So just exactly what did you notice in your account?  What happened?  How did you find out about it?  I don't know what "same thing" refers to.
Re: Argh spam sent from my email address, hacked? rviradia 3/23/10 12:00 AM
I started getting a bunch of bounce messages (I have many outdated emails in my addr book), and was like "what the...", so I checked my sent items and there were 2 outgoing mails with bcc of my entire addr book, so I immediately changed my pass and checked details only to find I was the only person that logged in.  I just ran a malwarebytes scan and had Spyware.MarketScore but nothing else.
Re: Argh spam sent from my email address, hacked? bkc56 3/23/10 12:13 AM
Well, I'm not going to even pretend to be able to do a remote forensic analysis on how an account was compromised.  It's possible it was some malware/adware, but more likely someone simply got in.  You may never figure it out (which is too bad because it's a lot easier to plug a hole when you know where it is).  But as I said above, preventing it in the future is the key and there are specific steps you can take to aid that.
Re: Argh spam sent from my email address, hacked? globalnoc 3/23/10 1:11 PM
I was hit by these guys too.  Here is the information needed to shut them down.

Here is the information on the url: www.shopchwrf.com

They are out of China.  The url is hosted by Godaddy.  Godaddy's DNS servers are pointing to the real location of their servers in the NL.  Their servers are managed by Altushost, Inc.

Everyone needs to email both Godaddy to have them shut down their DNS and Altushost to have them shut down completely.

The email addresses are:

ab...@altushost.com

ab...@godaddy.com

Re: Argh spam sent from my email address, hacked? ewa.joanna 3/23/10 9:17 PM
Hi everyone,
It happened to me on 15 of March and all of my contacts are gone from the list. The link in the spam mail was   http://glad-shopping.com.
Norton security did not give any alerts.

Re: Argh spam sent from my email address, hacked? silentismydark 3/24/10 5:08 AM
As I was sitting here reading facebook, my computer sent out the exact same spam message the OP has there to every single contact.

I've been scanning my computer like crazy, nothing is showing up.

I followed all the steps of the first answer - everything was already as such in the settings, so I have changed my password - however, I'm rattled because my previous password was made to be secure.

Is the only true solution to delete all my contacts? Is there anyway gmail can look into this, because it's happening to a fair number of users.
Re: Argh spam sent from my email address, hacked? Cosmic Surfer 3/24/10 8:55 AM
Hi all...This VERY same spammer hit mine this morning..Could this be a google problem and not specific to accounts?  I have never seen this website he is having people link to before...

Re: Argh spam sent from my email address, hacked? DB211 3/24/10 1:33 PM
The same mass spam attack happened to me this morning too. I am frantically trying to figure this out as it sent out to my 500+ contacts including recent interviewers. This seems to be a common problem and I wonder if anyone has figured it out yet. I'll keep looking around and if I find the solution I'll be sure to post it. 
Re: Argh spam sent from my email address, hacked? Xochitl 3/24/10 2:03 PM
All of my contacts disappeared.  I was able to retrieve the e-mail addresses from my sent mail, but looking up addresses and phone numbers for 250 contacts will be daunting.  Is there any way to get these back?  Aren't they stored on the server?  (Yes, I know I should have backed up my hard drive---locking the barn door after the horse is stolen.)
Re: Argh spam sent from my email address, hacked? rviradia 3/24/10 9:05 PM
I was in gmail and a red bar just appeared on top that said "we think your account was accessed from another country", the IP didn't show up in details before but just did now:
 

Unknown | China (115.49.32.252) | Mar 23 (2 days ago)
Re: Argh spam sent from my email address, hacked? Caitlin07 3/25/10 3:12 AM
Snap just had a red bar with a message from google saying we think your account was accessed from China, I did panic and think had happened again but on checking details it shows it for March 11th unknown china(115.49.89.130)
I hope google are looking into this!
Re: Argh spam sent from my email address, hacked? grizzlyadams907 3/25/10 5:13 AM
Had the same thing happen .. sent out spam for some Chinese Electronics Warehouse Discount Place supposedly coming from 'me' to my contact list .. went through the whole deal virus scans, spybot, etc. before figuring out that whatever happened .. went on around the world from me and not on my computer .. bottom line after 4-5 hours of screwing around I ended up deleting my account with gmail permanently and starting over from scratch. (Hey mom never said I was the smart one in the litter !) .. I guess I'm  just a glutton for punishment .. But it will cure the problem .. NO ONE will ever send out email with that address / account again (at least from gmail)

BTW .. Congrats to 'GMAIL Support' .. after 12 password checks, 27 email exchanges, giving them the maiden name of my grandmother, my 1st dog, the teacher I had the hots for in grade school, a complete credit check (by all 3 agencies ) followed by a full body scan and a retina scan, I was finally visited by 2 suits wearing sunglasses who handed me an envelope containing a note stating my gmail account had been deleted .. whew !!
(OK maybe I stretched it a little .. you get the point)

Nice Going Guys !
Re: Argh spam sent from my email address, hacked? ajs 3/25/10 2:38 PM
OK, a few points, here:

1) If someone's spamming people and the spam says it's from your gmail account, that may not mean that someone has access to your gmail account. It just means that they listed your address as the sender (forgery is widely practiced by spammers)

2) Just because your contacts got spammed "by you" doesn't mean that someone got ahold of your contact list. One tactic, for example, is to harvest the email addresses from an infected computer and then send all of the spam "from" one of those addresses, rather than revealing the owner of the infected system. Check with your friends who share similar contacts and see if THEIR systems have been compromised.

3) The Web site being advertised tells you very little. It's quite probable that that site just contracted out for "advertising" through the spammer.

4) Make sure that you set "Browser connection: Always use https" in your gmail settings. Harvesting contact information from your account is an awful lot easier if you're shipping that data across the wire in the clear. This is especially true if you use a shared Internet connection (such as a Dorm or campus network).



Re: Argh spam sent from my email address, hacked? Caitlin07 3/25/10 2:40 PM
Thanks ajs, but the fact that the sent message was in my sent items and had a china accessed my account surely that means someone did have access to the account?
Re: Argh spam sent from my email address, hacked? dr affolter 3/25/10 2:48 PM
The same message was sent from my gmail account. My contacts list was deleted. Now I am told that anytime someone sends an email they get an autoresponse of the same message. If you look at all of the evidence, looks like a google problem to me.
Re: Argh spam sent from my email address, hacked? JohnW2 3/25/10 2:50 PM
@Caitlin07  - Yes, indeed it does!  You'll probably find the payload in your Signature box (See Settings > General, Signature) or in the Out of Office Responder.

You need to change your password urgently, but make sure no one else is logged in whilst you do that.
Also, make sure your Secondary/Recovery address is correct, and if you have a mobile - put the number in there. That way you'll know if the perps try to get your password reset to what they know!!
Re: Argh spam sent from my email address, hacked? dr affolter 3/25/10 3:28 PM
Thank you John!!!
Re: Argh spam sent from my email address, hacked? dr affolter 3/25/10 3:32 PM
John,
I changed my password. Found the info in my vacation reply. What is the Secondary/Recovery address?
Thanks for your help
Re: Argh spam sent from my email address, hacked? bkc56 3/25/10 3:46 PM
dr affolter, look at the "popular answer" for this thread and you'll see a list of all the things you need to check since your account was compromised.
Re: Argh spam sent from my email address, hacked? Culturevulture 3/26/10 8:42 PM
But still that doesn't help to find out a) if the problem is really fixed, and b) how to get all our lost contacts back! I'd also like to know how my account was hacked and the spam was sent in the first place!

Why doesn't Google officially have anything posted on this yet?!?!? It's been since at least the 11th according to this thread!
Re: Argh spam sent from my email address, hacked? bkc56 3/26/10 10:36 PM
I'm not sure what you are hoping for.  Dozens of accounts are compromised every day.  Some people get them back with no problems, some don't.  Some people have simple changes made (like a vacation responder to send out spam) and some have everything deleted (if it's in Trash they can recover, if not, they can't).

It's a huge problem, but there are things you can do to protect yourself.  In addition, there are several ways to backup your account so that if the worst happens, you can recover everything again.

Unfortunately, many people learn of these things after it happens which is a bit late.
Re: Argh spam sent from my email address, hacked? slopster_ZA 3/26/10 11:10 PM
Hi all,

This happened to my account yesterday. A spam message was sent to every contact on my with the following message:

Here, Surprise!
I know a company has a promotion now,so I hope to introduce it to
you.RIC is a good company.Now you can purchase their products at 20%
discount,but this activity only lasts 30 days.It only took 5 days for
me to receive my product.If you need electronic products,please visit
www.mooiee.info
I guarantee you will get a satisfactory result.
Have a good day!

Having checked the recent account history, it displays access to my account from China - IP Address: 115.52.175.36 (Browser and Mobile) and also China IP Address: 115.49.88.113 (Mobile). [I have a screengrab of the activity log if it is of use to anyone addressing this issue]

As far as I can tell, the only action on my account by the perpetrators was to send the bulk email to all of my contacts, all other account settings appear unchanged.

I have subsequently changed my password.

In terms of how it occurred, as per the information provided on this forum, I presume one of the following 3 scenarios occurred in my case:
1- I am travelling South East Asia for a few months and have frequently accessed my email using my personal laptop on unprotected WIFI hotspots
2- On a few occasions, I have had to use public/shared computers for email access when WIFI is not available. It is entirely probable that one of those machines was infected with Malware or a Keylogger.
3- I have occasionally shared passwords between websites. Another website may have been compromised revealing a password shared with my email account. [These have all been changed ;-) ]

Does anyone have any idea whether Google are pursuing this further? Surely they could add a user-controlled feature to Settings to prevent bulk mailing of more than, say, 10 addresses in the same mail? The setting should only be changeable through a multi-factorial security process, say combining email and SMS authorisation.

Anyway - hope my contribution is useful.

-Slopster
Re: Argh spam sent from my email address, hacked? zsarang 3/27/10 4:55 AM
I sent the following to the abuse desk of the isp involved. I suggest everyone else does the same


from:
to: ab...@cnc-noc.net
date: Sat, Mar 27, 2010 at 1:49 PM
subject: Fwd: Here, Surprise!
mailed-by: gmail.com


Hi

It appears an ip from your network hacked into my gmail account last night and sent the following email. Details of the ip is listed below, this was taken from the activity details on my account as provided by gmail


Browser China (115.49.89.218) Mar 26 (13 hours ago)
Browser China (115.52.245.153) Mar 26 (19 hours ago)





Here, Surprise!
I know a company has a promotion now,so I hope to introduce it to
you.RIC is a good company.Now you can purchase their products at 20%
discount,but this activity only lasts 30 days.It only took 5 days for
me to receive my product.If you need electronic products,please visit
www.mooiee.info
I guarantee you will get a satisfactory result.
Have a good day!
Re: Argh spam sent from my email address, hacked? rose2192 3/28/10 6:42 PM
How was the ip information obtained? My account got hacked also and I am NOT a happy camper, especially when I use gibberish as a password, I don't use real words at all. if someone could tell me how to obtain that information, I would be very grateful. Also, is there an e-mail for gmail to report this hacking? I've resecured my account and I'm hoping all is well, but we'll see.

Thanks
Re: Argh spam sent from my email address, hacked? bkc56 3/28/10 7:10 PM
IP information can be seen in the Details link (bottom of the Index page).

Most account hacking is NOT done by guessing the password.  Having a strong password is important, but that doesn't prevent other types of hacking.
Re: Argh spam sent from my email address, hacked? djice.nh 3/29/10 6:17 AM
Google was hacked by China and they don't know how to stop it. It is in the news. Changing your password is useless because the way they get into your account bypasses your password. I started a Yahoo account and transferred all of my contacts and e-mails, then removed them all from Gmail. Not sure if that will work or not, but changing my password did nothing. Here is my Google log below:
 
Access Type (Browser, mobile, POP3, etc.)   Location (IP address)   Date/Time (Displayed in your time zone)
Browser * United States () 9:15 am (0 minutes ago)
Browser China (115.52.241.150) Mar 28 (21 hours ago)
Browser China (115.52.241.150) Mar 28 (23 hours ago)
 
 
Re: Argh spam sent from my email address, hacked? sharonrenee80 3/29/10 7:40 AM
How do you stop gmail from auto-saving contacts?
Re: Argh spam sent from my email address, hacked? JohnW2 3/29/10 8:03 AM
@ sharonrenee80  -  and exactly what has your issue got to do with this thread?
Please post your own question, instead of trying to hijack someone else's thread. Then  you might get an answer.
Re: Argh spam sent from my email address, hacked? sharonrenee80 3/29/10 3:16 PM
Well, sorry I didn't fully explain myself to you John.
Here's how my question is related to this thread:

I had the same problem w/ someone emailing (BCC'ing in my case) all of my contacts w/ some cheap promo (w/ message similar to the one quoted at the beginning of this thread and other threads like it).

I changed my password immediately (w/in less than an hour of the spam going out). I ran my antivirus and malwarebytes. Nothing but a few cookies. I also ran through the checklist provided in this thread (checking vacation responder, etc but found nothing).

Since I don't know how my account was compromised, I've no way to know it won't pick up my new password. Thus, it seems to me the best way to stop this bug from emailing my contacts again is to keep my contacts list empty. I've already deleted my contacts list, and I'd like to keep it empty, and to do that I need to stop the auto-saving feature every time I open/send/reply to an email (besides manually deleting all the time). Seems like the best temporary fix to me.
Re: Argh spam sent from my email address, hacked? kingvandal 3/30/10 8:40 AM
Well I am not going to read all the responses as this happened to me this morning as well... I am not sure if this has been posted or not but it is likely this exploit that is in the public realm now. Fix this stuff Google. Dam.
 
Re: Argh spam sent from my email address, hacked? kingvandal 3/30/10 8:42 AM
Also exported all my contacts and deleted them all. Going to avoid Gmail until this is fixed.
Re: Argh spam sent from my email address, hacked? bkc56 3/30/10 9:01 AM
"Going to avoid gmail until this is fixed.."

You might consider reading the article so you have a clue what is going on.  Specifically:

"The hack involves Internet Explorer 6..."

"Microsoft has yet to patch the hole in IE 6..."


But, let's not let facts get in the way of a good rant...
Re: Argh spam sent from my email address, hacked? silentismydark 3/30/10 9:35 AM
"The hack involves Internet Explorer 6...

Microsoft has yet to patch the hole in IE 6..."

Those are the facts then? Because I won't even let IE be opened on my computers. It's Firefox or Chrome for me.

What I want to know is if there's anything I can do to prevent this in my future. Both my old and my new password are ridiculously hard to crack, nonsensical numbers and letters and such. I was sitting there as it happened, getting 57 bounced e-mails out of hundreds, many of whom were bosses, managers, coworkers, professors, etc.
Re: Argh spam sent from my email address, hacked? bkc56 3/30/10 10:03 AM
"Those are the facts then?"

Well, there's more than one way to hack an account. Nothing says your account was compromised by the same methods referenced in the above article. I just get a bit impatient when statements are made blaming one vendor for a problem that is actually related to something totally different.
Re: Argh spam sent from my email address, hacked? JohnW2 3/30/10 10:04 AM
If you use the same password for any other services, your password stands a good chance of being stolen, and then it doesn't matter how strong it is!!
Keep your password UNIQUE to Gmail - in the same way you should do for any electronic banking facility.

There are four ways to 'lose' your password's security - Keyboard logging, packet sniffing, using the same password on other sites, and using an insecure guessable password. Then it doesn't matter which browser you use!
Re: Argh spam sent from my email address, hacked? Caitlin07 3/30/10 10:14 AM
JohnW2, my password was unique and nothing showed up with all manner of antivirus/spyware/HijackThis logs etc., which I ran in addition to my usual antivirus, firewalls etc. I only use Firefox, and on mine there were no changes to signature or vacation, just purely the spam.
Re: Argh spam sent from my email address, hacked? JohnW2 3/30/10 11:26 AM
@Caitlin07  -  All your anti-virus/spyware/hijack software will do is thoroughly check your PC. But that's not where the problem lies.
You're writing your e-mail on the remote server, and that's where the hackers got in. Your spyware software won't go anywhere near Google's servers!!
Your PC's keyboard and screen are simply "remote tools" for the session on the server, allowing you to *input* characters and to *view* the result.
So where did you find the spam message in your account?

@sharonrenee80 - I now appreciate why you posted here! From what you and Caitlin have now both indicated, the lack of a Spam deposit gives a new twist to this hijacking.
Until now, they've always deposited the message in Signature (or OoOResponder) and then enabled the Signature block. Then, when they create a new message, the Signature is automatically inserted (which carries the unwanted payload) and they simply Send. They used to delete the entire Contacts list as well, forcing you to rebuild from scratch, and perhaps collecting new addresses in the process! Perhaps they're being cleverer these days, and they just harvest the names/addresses to sell on to others: certainly there's far fewer instances of the loss of the Contacts list!!
By the bye, please make sure your Recovery address is up to date, and - if you have a Mobile number - add that so that if anyone tries to get your password reset, then Google can let you know using that number.
Finally, keep an eye on the account using the Details link at the bottom of the webmail page. It'll show if anyone gets into your account, and allow you to terminate their session, followed by another password reset!!
Anyway I hope this helps!!
Re: Argh spam sent from my email address, hacked? Caitlin07 3/30/10 11:53 AM
JohnW2, the spam was sent to all my contacts (as in my opening message on the thread) and was shown in my sent box. I suppose in not losing my contacts I've been lucky, but it has left me feeling very apprehensive re security. I've liked to have Gmail as an online store and backup :(
Re: Argh spam sent from my email address, hacked? aemSA 3/31/10 4:12 AM
Hi.   Ok, this is really scary.   this spam sent from my address was titled: Good news
and read
 
Dear Sir
New month has come. rictrade will give you a surprising gift from
April. All products will be sold at 15% - 30% discount. Good quality,
quality of service, but more preferential price. The promotion will
last only 45 days, from 1 April to 15 May, 2010. Browse
www.rictrade.info  today!
Best wishes!
 
I'm not the best at IT, and I'm terrified this is going to happen again. It's a career disaster! I have done all that you have recommended, i.e. changing passwords etc. and checking the settings... but many of you say it happened again. Does this mean these people now have my contacts? How do I prevent this occurring again? I'm not sure what this 'malware' is, and do I need it for just an e-mail account? Does it work with McAfee anti-virus?
 
Thanks
 
They got onto my account in China as well.
Re: Argh spam sent from my email address, hacked? aemSA 3/31/10 4:14 AM
P.S. As a non-IT person, I feel very abandoned in this entire thing. It would be nice to call someone and be able to speak to them!!
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 3/31/10 9:02 AM
aemSA,

Events like this are not specific to Gmail and are not specific to a particular vendor. It is a common occurrence every day for every kind of online website. The most popular websites get the most attention simply because they have a larger user base, so when a small percentage of those compromised talk about it, it tends to be a larger crowd.

If you're looking to talk to someone about this issue, you can look up any PC Specialist in the phone book. Again, this isn't a problem with Gmail... it's a problem with the Internet as a whole. As long as there are millions of different computers connecting to the Internet through millions of different routes, there are endless possibilities for hackers to find their way between you and where you're trying to get to.

There is a list of useful tips in this thread which gives a good overview of the things you can do to protect yourself in general, but it's not a guarantee of total safety. Just like driving a car, no matter how many safety precautions you take, you're going to run into problems one day. It's inevitable.

Unfortunately, one of the most common mistakes I have seen is when someone uses the same password at more than one website. No matter how secure your machine is and no matter how impossible to "guess" your password is... if you use the same password at two different websites, you are basically giving the owner of one website your password to the other website. At that point, the security of all of your accounts is no greater than the weakest link. If you must use the same password at multiple sites, the one password which should always be unique and different should be the one you use for email... because once someone gains access to your email account, they can often gain access to all of your other accounts, even if these use different passwords.

Likewise, since your online security is only as strong as the weakest link... your computer can be well protected, but if it is connecting wirelessly via anything but a WPA secured access point (or WPA2 if available), then you're opening yourself up to potential problems.

I have seen it all. I've seen someone who spent hundreds of dollars on top-of-the-line Internet security products, only to find out they connect to the Internet "for free" by connecting to a wireless access point that shows up in their apartment complex. I've seen people check their email or do their banking inside of a Starbucks by merely scanning for wireless connections inside of Starbucks, finding one called "starbucks", and connecting to it without asking questions. I've seen some cases of someone who had top-of-the-line Internet security products, but who received a notice from Facebook or UPS asking them to log in or verify their password or run the attached file, and as long as their security product doesn't throw a warning, they think they're protected. These security programs can only protect from a majority of attack vectors... not every single one... not very new ones... and not ones which have not proliferated widely yet. These security programs also cannot protect against social engineering or attacks which take place between your computer and the dozen or so hops the communication takes place between you and your destination.

So, if you feel "abandoned", I would recommend contacting any local computer specialist shop and asking for an evaluation of your system or your connection. Beyond that, there isn't much else that can be done.

Re: Argh spam sent from my email address, hacked? TomerA 4/1/10 3:23 AM
I've been monitoring this thread for a few days now and I just saw that JohnW2 is profiling the attack, so I'll just add an exact description of my case: on 3/24/10 14:00 (Israel standard time) my e-mail sent a link to "www.shopcnwrf.com" to many of the people in my contact list (but not all). As far as I can see, no contacts were deleted. The spam message was in my sent items. I checked everything that was posted here but had no out of office reply, auto forward or anything of that sort; someone just logged into my account and sent an e-mail. At 16:00 (about two hours after the attack) I tried to use the "Last account activity" but only saw things which happened after 15:01. I contacted ab...@gmail.com asking if I can see some earlier activity and by the next day I got a message on top of my account saying that: "We believe that your account has been hacked" (or something of that sort). I checked the account activity again and saw that my account was accessed from China (115.49.96.200).

This is very embarrassing to me as I work in the data security industry and this has been sent to friends, employees, colleagues and professors. I believe that Google knows more than it tells us, as we all know that some accounts have been hacked in China (meaning the Chinese government has the ability to hack Gmail accounts) and the new "we believe your account has been hacked" has suddenly appeared after this event (which was on a pretty large scale in terms of spam attacks). It doesn't matter to me if the backdoor used is Microsoft's, Google's or even due to my own stupidity; if Google would share more of the information it has (such as the scale of the attack, dispersion of affected accounts, was one IP address used for the entire attack or many and to whom do they belong) it would allow people to do some damage control and future damage prevention.

Personally, I believe that this attack was carried by delegates of the Chinese government as a response to Google pulling its services from China to Hong-Kong. I hope I'm wrong about this and that this won't get escalated to a new cold war or something.
Re: Argh spam sent from my email address, hacked? heeelpinstantplease 4/2/10 9:47 AM
HELP! I've been hacked or something. Someone has sent some spam to someone, I don't know who, but now I'm getting mails from persons I've never talked with or anything that are saying I've been reported etc. etc. It was my junk email that got hacked, I think, because it's delivered to that and then it forwards to my main account.. but now when I check, the same IP is all over my accounts.. but anyway, this scares the hell out of me!! I get a weird IP address that logged into my accounts today, it's from the Netherlands.. I'm shaking as hell, I've got so much vital stuff in my mail!! Help, I don't want to get shut down because of this hacker! What the heck should I do?? I've already changed passes and stuff, as some guy said you should do in the thread before, on another computer, and I do not dare to log in at my main computer.. help please!
Re: Argh spam sent from my email address, hacked? bkc56 4/2/10 10:20 AM
heeelpinstantplease, read the first page to this thread.  Everything you need to know and do is there.
Re: Argh spam sent from my email address, hacked? kushari 4/3/10 12:53 AM
I think it's a problem with Gmail and there is an exploit. The reason being, I have a Mac and my iPhone, I do not use PCs often, and it randomly started sending out emails; also there is no user history in the IP settings in Gmail that was not me. I hope they fix this quickly!
Re: Argh spam sent from my email address, hacked? Mike CH. 4/3/10 3:12 AM
Hi everyone.

I'd like to clarify a few things that people have brought up in this thread.

Firstly, yes we are aware of this problem (very aware!) and have been tracking it for some time. The Gmail team cares a lot about hijacking. We launched the red hijacking bar recently as part of our plan to tackle this problem. You can read about it here:


Although the red bar looks simple there's actually a lot going on behind the scenes to figure out when to show it - and who to.

Secondly, there is no exploit or hack in Gmail that we are aware of. In absolutely every case of this we have investigated the problem was viruses, phishing or password re-use - not a security failure on our side. bkc56 has already posted some good advice for avoiding problems here. In particular I want to stress how important it is to use a unique password for Gmail. Your Gmail password is a super-password that if obtained by a bad guy, can give access to all your other sites. We know remembering several passwords is difficult, but it's impossible to over-state how important it is to never re-use your Gmail password on any other website. We monitor various hacker forums, and there's a healthy trade in password databases stolen from weakly protected websites. If you use the same password on whatever.com as for Gmail and whatever.com gets hacked, it's bad news no matter how secure your own computers are.

Finally, there is no quick fix we can apply on our side unfortunately. The Chinese electronic store spammers in particular rapidly rotate through different text, different websites, different IP addresses and different hijacked accounts which makes catching them difficult. We are working on making Gmail generally more secure against hijacking. The red hijacking bar is one example of that, but we're not done yet. There are more improvements coming that will help you keep your account safe. And Google has several long term projects to make the web more secure for everyone, like ChromeOS.

Re: Argh spam sent from my email address, hacked? kushari 4/3/10 12:14 PM
Hi Mike, I really do think there is a security exploit here. The reason being that all recent activity logs were me. I use a Mac so I don't have spyware or malware, and I was out of my house and got an email from my Gmail sent to another personal email; that is how I found out. I searched Twitter, and found that this is happening to a lot of other people, not just me. I really do not think I visited a phishing site, as I always make sure I'm on the correct site. This is why I am so baffled and annoyed that this happened. If you would like to check out my email and account please let me know, I would love to help!
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/3/10 2:01 PM
@kushari,

Simply saying "I use a Mac so I don't have spyware or malware" is the wrong attitude to have. Macs can have spyware or malware. Spyware or malware is simply legitimate software that does something that you're not aware of and wouldn't have installed the program if you knew it did it. Macs have very good protection... don't get me wrong... but they're not 100% safe.

Secondly, these emails that are coming from your account... are they in your SENT box? If not, the emails really aren't coming from your account and are spoofed. If they are, you might want to check your filter settings and redirect settings and vacation auto-responder settings, etc... If there's nothing there, there is a possibility that the person infiltrating your Gmail account is doing so NOT on your machine... and NOT in your Gmail account... but by getting IN BETWEEN. You might want to check or double check your router, wireless access points, or think about the ISP you are using.

In any case, simply thinking that your machine is 100% safe because it is a Mac is not the right attitude to have these days.

Re: Argh spam sent from my email address, hacked? kushari 4/3/10 2:16 PM
@BIGELLOW I know that using a Mac doesn't make it 100% safe. However, I said that I do make sure I am not phished; I'm a pretty advanced computer user. While no one is perfect, I do believe that I did not get phished. Also the emails are in my sent folder, so they were sent from my Gmail account. Also my computer has recently been formatted, so the risk again that it is spyware or malware is really low. Also nothing in my filters or vacation auto responder is out of the normal; I had already checked. When I checked the recent activity page, at the time of the emails being sent no one was logged in?!! Only afterward, when I logged in to see what was going on. I am connected using a Cat5 cable so no wireless access point is the issue. My router is secured with multiple protection methods; however, I don't see how it could be the ISP. If you check again the Twitter search function (I say this because it shows trends) a lot of people are being affected by this. I really do think it's a new exploit in Gmail, otherwise there would be a simple explanation such as a phishing site etc.
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/3/10 2:49 PM
@kushari

Phishing has nothing to do with what I said.

In any case, an exploit in Gmail isn't the only explanation. I think the problem is that everyone is jumping to conclusions.

I think the only common thread is that the hackers are ramping up their activity and Gmail is a popular service. Hotmail accounts get hacked every day, but nobody bothers to mention this because most use Hotmail as a secondary spam-filled account anyway.

There very well could be an exploit in Gmail... but making this slim chance sound like the only possibility... would only lead others who are unsafe with their practices to just jump on the "it must be Gmail" bandwagon, and carry on thinking that Google needs to do something about their unique situation.

Each case should be treated on a case-by-case basis, rather than pointing to a common thread and misdiagnosing the problem.

In any case... after you changed your password, has it happened again?

Re: Argh spam sent from my email address, hacked? kushari 4/3/10 3:16 PM
Hey BIGELLOW, the reason I say it is probably something in Gmail is because not only is it happening to a lot of people, but under the Recent activity it only lists my actual logins, with no other strange IPs. Also I have had Gmail since it first went beta in 2004 and I have never had a problem until now. I would like to say I am cautious and know what I am doing. While no one is perfect, I do think that I did not fall into any traps or send out my password or anything. Even on Hotmail the years prior I never got hacked because of my cautious ways. At first I did not change my password because I think it was Gmail, and nothing happened again (another reason I think it's an exploit). However, I changed my password just in case. The reason I don't think it's a case-by-case basis is because this is happening to many people at the same time, and the same thing is happening. If it was something like someone going to a phishing site and entering their password I could totally understand, but all of a sudden my email starts to send out spam when I was not even logged in and I was out of the house? That seems very suspicious to me.
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/3/10 4:00 PM
@kushari,

So far, you are the only one reporting no unknown IP address appearing in the access list. Nearly every other report shows that someone from another region did, in fact, access the account and the IP address is shown.

This is why I feel your particular case shouldn't just be lumped in with the countless others being reported... because yours is different from the others. Likewise, whatever the cause is in your particular case is likely not the cause of everyone else's problems. So, by categorizing yourself like others... or others like yourself, key differences will be missed and poor assumptions will be made.

So, this happened to you once... you didn't change your password, but it still didn't happen again... then you changed your password just in case, and it still hasn't happened again? I'd say that there isn't an issue in your case, then. Whatever "attack" was used in your case clearly can't be easily repeated, or else it would have been. Perhaps, in your case, it might have been that you visited a legitimate website (which happened to be infected) shortly after checking your Gmail. In this case, while it may be an exploit that would exist in Gmail and should be fixed, the bigger problem was the legitimate website which happened to be infected.

If this happens to you again, I would definitely pay attention to any key patterns... such as a website you visit each time... if this doesn't happen to you again, then it's safe to say you aren't affected like everyone else. Most who are reporting problems are having spam messages sent repeatedly from their accounts, on an almost regular basis, even after they try changing their passwords. My guess, in these cases, is that their machines themselves are infected.

I just want to reiterate that I never meant to suggest that you fell for any traps (this would likely be phishing, and I never mentioned phishing)... that you sent out your password (this would be too easy)... or that it had anything to do with anything you COULD be cautious about. Sometimes, bad things can happen to someone who is regularly being cautious. Using the Internet is like driving on the freeway. It doesn't matter how good of insurance you have, how safe of a car you drive, how excellent of a driver you are, etc, etc, etc... sooner or later, simply based on statistics and probability, something unfortunate WILL HAPPEN. It doesn't need to be because you made a mistake or didn't take all the right precautions... sometimes the fault can lie entirely on something completely outside of your control.

Re: Argh spam sent from my email address, hacked? kushari 4/3/10 4:06 PM
True, thanks for being positive. Hopefully it won't happen again. I would like for someone working at Google to be able to see though; maybe I can't see the IP addresses that logged in, while they can from an admin perspective? It happened at about 2:04 am EST today.
Re: Argh spam sent from my email address, hacked? brrngtnlee 4/4/10 4:35 AM
I have just had the same issue. All my contacts were sent a link for an online pharmacy when my computer was turned off. Just did a complete virus scan and Malwarebytes; nothing showed up. I have just changed my password and all the emails are showing in my sent box. This is a copy of one of the links that was sent. I don't have a red bar at the bottom of my email account.

http://sites.google.com/site/dghh54erj/cqvv6l 



Re: Argh spam sent from my email address, hacked? Corbin92 4/5/10 6:12 AM
I am having the same problem. My ex girlfriend reported that I was sending blank email messages. I need this fixed because everyone is asking me "Who is this?" or "What do you want?". I felt like I was hacked, but if it is a Google Maintenance Problem, please fix it ASAP! This is concerning me.
Re: Argh spam sent from my email address, hacked? TomerA 4/5/10 7:16 AM
@Mike CH, we know that Google has left China due to some activists' mailboxes that were hacked. Could you elaborate as to how you know that the same trick was not applied in this case?
Re: Argh spam sent from my email address, hacked? LKYoung01 4/5/10 7:27 PM
I am sad to report that I too was a victim of hacking. Apparently someone using a Polish mobile device sent spam consisting of a suspicious URL to all of my contacts. The email had no subject, just sent some URL (forget exactly, didn't save the URL from email) neipubla.com or something similar. I did not see a copy of the sent spam email in my sent folder, but did find two instances in the spam folder where the email the hacker sent bounced back from sending to outdated contacts in my list.

I've scanned my computer thoroughly with several different anti-virus and anti-malware programs (Avast Anti-Virus, Spyware Doctor, Hijack This, all up to date); all come up clean. My account that was hacked had mail forwarding enabled (I have 2 Gmail accounts, one forwards mail to the other; I received the spam on my other account that I had my mail forwarded to, as it was a contact in the hacked account contact list, and that is how I caught the hacker) and POP mail enabled as well. I have since disabled all mail forwarding and POP mail on both my accounts, not to mention followed all the safety recommendations already posted on here. Were they able to hack me just because I had POP mail enabled? My password was quite strong and not easy to guess. I also use Firefox as the only web browser to open up Gmail, and with No Script, Karma Blocker, and WOT add-ons installed. My OS is Windows 7 64-bit, completely up to date in patches.

Needless to say, this has me quite shaken up, as I make GREAT effort to keep my computer secure. It was also very embarrassing to explain to my contacts that my account was hacked and sent out spam.

So is there some sort of flaw that if you have popmail or forwarding enabled it makes your gmail account more susceptible to hacking? I REALLY do not want this to happen again. I appreciate your hard work in investigating this problem, but please don't rule anything out as with others I believe it is possible someone is hacking the actual email servers. Would you also mind listing the viruses/trojans you have found specifically to be the cause of these gmail hackings? Like I said after several checks my computer comes out clean, but maybe if I had specific things to lookout for I can find it if I have it.

Thank you in advance.






Re: Argh spam sent from my email address, hacked? Mike CH. 4/6/10 9:20 AM
Kushari, I checked your account and it has been hijacked. You need to follow the standard post-hijacking procedures that have been outlined elsewhere in this forum. I don't know why the bad IPs are not showing up for you, but the hijackers aren't accessing your account regularly so I suspect by the time you checked you had enough recent accesses to push the hijackers out of the list. Bear in mind hijackers can configure your account such that they can still be mailing from your account without actually logging in, so check your forwarding/pop3 fetching settings and your filters.

We do understand that hijacking is distressing and it can be hard to figure out how it happened. Sometimes it's hard for us to figure it out too! But I would like to re-iterate that at this time, we do not believe there are any security flaws in Gmail that allow hijacking. 

You can lose your password without even being aware of it - hijacking isn't your fault. However we can't help everyone individually.

The most important thing is to follow the advice bkc56 posted earlier in this thread if you believe you have been hijacked. The chances are good that the problem will not re-occur.
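Added example, not part of any post in this thread and not Google's code: a Python sketch that parses rows in the layout of the "Last account activity" table quoted earlier in the thread, flags locations the account owner does not expect, and reports how far back the list reaches, since an access older than the oldest listed row cannot be ruled out from the list alone. The sample rows are copied from that quoted table; the function names and the expected-location set are assumptions.

```python
import re
from dataclasses import dataclass

# Rows copied from the activity table quoted earlier in this thread.
SAMPLE_ROWS = """\
Browser * United States () 9:15 am (0 minutes ago)
Browser China (115.52.241.150) Mar 28 (21 hours ago)
Browser China (115.52.241.150) Mar 28 (23 hours ago)
"""

ROW_RE = re.compile(r"""
    ^(?P<access>\S+)\s+        # access type: Browser, Mobile, POP3, ...
    (?P<current>\*\s+)?        # asterisk marks the session viewing the table
    (?P<location>.+?)\s+       # country as displayed
    \((?P<ip>[0-9.]*)\)\s+     # IPv4 address, empty for the current session
    (?P<when>.+?)\s+           # displayed date or time
    \((?P<age>\d+)\s+(?P<unit>minute|hour|day)s?\s+ago\)\s*$
""", re.VERBOSE)

UNIT_MINUTES = {"minute": 1, "hour": 60, "day": 1440}


@dataclass(frozen=True)
class Access:
    access_type: str
    location: str
    ip: str            # "" when the table shows no address
    when: str
    age_minutes: int
    current: bool


def parse_rows(text):
    """Parse activity rows; header lines and anything unrecognized are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m is None:
            continue
        rows.append(Access(
            access_type=m["access"],
            location=m["location"],
            ip=m["ip"],
            when=m["when"],
            age_minutes=int(m["age"]) * UNIT_MINUTES[m["unit"]],
            current=m["current"] is not None,
        ))
    return rows


def flag_unexpected(rows, expected_locations):
    """Return rows whose displayed location is not one the owner expects."""
    expected = {loc.lower() for loc in expected_locations}
    return [r for r in rows if r.location.lower() not in expected]


def summarize(rows):
    """Map each IP to (number of rows, minutes since its most recent access)."""
    out = {}
    for r in rows:
        key = r.ip or "(not shown)"
        count, newest = out.get(key, (0, r.age_minutes))
        out[key] = (count + 1, min(newest, r.age_minutes))
    return out


def window_minutes(rows):
    """Age of the oldest listed row: the list says nothing about earlier events."""
    return max((r.age_minutes for r in rows), default=0)


def covers(rows, event_age_minutes):
    """True if an event that long ago falls inside the span the list shows."""
    return bool(rows) and event_age_minutes <= window_minutes(rows)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for r in flag_unexpected(rows, {"United States"}):  # assumed home location
        print("unexpected:", r.access_type, r.location, r.ip, r.when)
    print("per-IP summary:", summarize(rows))
    print("list reaches back", window_minutes(rows) // 60, "hours")
    if not covers(rows, 30 * 60):
        print("an access 30 hours ago would not appear in this list")
```

A list with no unexpected rows is only evidence for the period the list spans; the forwarding, POP3 and filter settings still need checking separately.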
Re: Argh spam sent from my email address, hacked? princess2003 4/6/10 10:51 AM
I had the same thing happen to me except mine had a link attached to it that said something with kodec sharing files. It went to everyone in my contact list. The subject field was empty. The emails were all sent while I was sleeping. And because some of the email addresses don't work anymore, the email is trying to resend them up to 3 times to that person.
Re: Argh spam sent from my email address, hacked? robk762 4/6/10 2:34 PM
Hello Google - please look at these websites/phishing emails for possible fraud. 4 Emails today, all in my address book, all from hotmail accounts to me.

I run a Mac, 10.5.8, fully updated, virus checked. No doubt some spybot or something but please look into these sites. thanks google.


date: 6 April 2010 20:51
subject: Good website!
mailed-by: hotmail.com


Hello!How are you recently?
I would like to introduce a good company who trades mainly in electornic products.Now the company is under sales promotion,all the products are sold nearly at its cost.They provide the best service to customers,they provide you with original products of good quality,and what is more,the price is a surprising happiness to you!It is realy a good chance for shopping.just grasp the opportunity,Now or never!The web address:hyahyo.com

date: 6 April 2010 21:19
subject: Good website!
mailed-by: hotmail.com

Hello!How are you recently?
I would like to introduce a good company who trades mainly in electornic products.Now the company is under sales promotion,all the products are sold nearly at its cost.They provide the best service to customers,they provide you with original products of good quality,and what is more,the price is a surprising happiness to you!It is realy a good chance for shopping.just grasp the opportunity,Now or never!The web address:hyahyo.com

date: 6 April 2010 15:33
subject: Dear friends:
mailed-by: hotmail.com

Dear friends:
I am willing to give you a big surprise:   stotobay.com 
I bought an Canon XL2 3CCD MiniDV Camcorder a week ago from this site. Now, I have been received. This product quality is very good. They also sell mobile phones, television sets, motorcycles and so on. By the way, they are mainly new and existing product sales, they have a lot of good ideas. Now, many companies are promoting their products.  stotobay site is also very competitive price. If   you need these products, you can look at.
Hope you can enjoy yourself in shopping from that company !
Greetings!

date: 6 April 2010 11:58
subject: Dear friends:
mailed-by: hotmail.com

Dear friends:
I am willing to give you a big surprise: eletopic.com
A week ago I bought a Canon XL2's 3CCD DVD camcorders from this site. Now, I have received. The product quality is very good. They also sell mobile phones, televisions, and motorcycles. By the way, they are mainly new and existing product sales, they have many good ideas. Now, many companies are promoting their products. eletopic site also very competitive prices. If you need these products, you can look at.
I hope you can enjoy from the company's shop!
Hello!

Re: Argh spam sent from my email address, hacked? JCavalheiro 4/6/10 6:26 PM
Hi , This message was sent to EVERYONE in my inbox- My boss, my parents, my great grandmother etc
HELP- this is ignoring and frustrating to say the least.
My password is not an easy one to guess...
Thanks
JC

Date: Tue, 6 Apr 2010 20:09:15 -0400
>> Subject: ~~Hi~~
>> From:MMEEEEEEEEEEEEE
>> To: %%%%%%%%%%%%%%%%%%% 
Re: Argh spam sent from my email address, hacked? LKYoung01 4/7/10 2:10 AM
I found the URL to report hijacked YouTube accounts, is there something similar in place for hijacked Gmail accounts?

Also yesterday morning when checking my email, noticed something strange, got a message from NoScript saying: "NoScript filtered a potential cross-site scripting (XSS) attempt from [https://www.google.com]. Technical details have been logged to the Console." That's the first time I ever noticed that happening on Gmail, weird fluke I hope? This happened around 5:30 am CST 4/6, about 24 hours after my account got hacked. And it only happened for my Gmail account I had hacked, when I logged in to check my other Gmail I did not get such a message from NoScript. I copied and pasted ALL the errors from the console to a notepad file. The most interesting error was "[NoScript XSS] Sanitized suspicious request" and the URL seemed to be the URL used to login to Gmail? I don't want to post it here but if there's somewhere I can submit or send this to the Gmail team I would be more than happy to share it.

I also found in my spam folder 4 delayed delivery emails so I now have the actual URLs that the spammer sent out. Both have poor WOT ratings so I'm sure they have some viruses and trojans on them so I won't post them publicly.

Thought I'd share this new info, and if there's an official place to submit a report about having your Gmail hijacked, please let me know! I have taken the precautions to secure my account, I am just wanting to know if Gmail is keeping up with who's been hijacked so I can submit what happened to me. Thanks!
Re: Argh spam sent from my email address, hacked? subduedprincess 4/7/10 5:38 AM
This virus is going around again, I see.

Subject: ~~HI~~

Body: (link to a google site - virus)

Changed my password first thing this morning... hope none of my contacts clicked the link...
Re: Argh spam sent from my email address, hacked? Watermolenwal7 4/7/10 6:52 AM
My original Gmail email account (bartDOTdemaertelaere, replace the DOT by you know a dot) got hacked a couple of days ago (password changed), but far as I know no spam is being sent from it (I hope).

I've already gone over all the links to get my password reset, but the password reset mail does not arrive in my other email's inbox (unless the hacker changed that as well, which I fear).
Filling in the form (10 times already) on two other email addresses (my company one and a backup Yahoo one) always gives me the default automated answer that they can not be sure that the account is mine......

Maybe MikeCH could give a hand here?
I use that account a lot and it has a lot of relevant info on it that I need to get hold of again.


Also due to that my Facebook account got hacked (password change, but nothing weird happening with it), what I do know is that my password reset mails are being sent to my original Gmail account. So if I could get my Gmail account back I could at least get my Facebook back as well.

Help pls.
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/7/10 7:02 AM
@LKYoung01



Re: Argh spam sent from my email address, hacked? jpsesq 4/7/10 8:07 AM
Same thing happening here.  Spammed all my employment contacts. 
Re: Argh spam sent from my email address, hacked? Vnauta 4/7/10 10:57 AM
Hi all,

I've also been hacked today, same as some others here. Someone sent everybody on my contact list an email containing a link to a site.
There were 4 different emails sent. All are the same except the link address in it.

http://sites.google.com/site/bertrgtvt5/tked7n
http://sites.google.com/site/nve45e/catk7d
http://sites.google.com/site/dcf76tuvh/unfo8f
http://sites.google.com/site/h45ce4tcg/lxlv8t

I clicked on them and they all look the same to me when opened. I don't know if it's harmful. No virus engine alert or pop-ups or anything.

I was driving home at the time all the emails were sent. When I discovered it I immediately checked recent activity and the following IP address popped up

Gmail mobile, Italy (87.11.92.134), 16:22 <-- that's a minute after the last one was sent, also I live in the Netherlands.

I hope it's helpful. I did change my password immediately by the way.

greetings,

Vnauta
Re: Argh spam sent from my email address, hacked? KC37 4/7/10 10:23 PM

I also had my e-mail hijacked this morning. It was also from a mobile in Italy. It only got through to about 1/3 of my contacts and it was a link to a Canadian Healthcare/Pharmacy site. I have never had this happen before. I did change my password and checked the other settings that were recommended by Google.
 
Here it is without the names and addresses: 
 
MIME-Version: 1.0
Received: by 10.231.119.82 with HTTP; Wed, 7 Apr 2010 04:50:51 -0700 (PDT)
Date: Wed, 7 Apr 2010 04:50:51 -0700
Delivered-To:
Message-ID: <n2q342cfc721004070450xd72d56an40ed38d7f9b7041a@mail.gmail.com>
Subject: ~~Hi~~
From:
To:
Content-Type: text/plain; charset=ISO-8859-1

http://sites.google.com/site/def6rfigu/acrl2t
Re: Argh spam sent from my email address, hacked? Betelgeuze 4/8/10 3:40 AM
While I was sleeping SPAM mail was sent to my contacts with my email, just like you read from other people in this topic. Many mails were not delivered but I'm sure a lot of them were.

I don't think there's a virus on my computer, I'm using a Mac and as far as I know it's a very secure system and mostly not targeted with virus and spyware.

I've changed my gmail password now.


The mail said: 
Dear Sir
New month has come. Mooiaa will give you a surprising gift from April.
All products will be sold at 15% - 30% discount. Good quality, quality
of service, but more preferential price. The promotion will last only
45 days, from 1 April to 15 May, 2010. Browse   www.mooiaa66.info
today!
Best wishes!


Re: Argh spam sent from my email address, hacked? vishal182 4/8/10 7:03 AM
It happened to me too.... So many mails have been sent to all ppl in my contact list... here is the website link which was part of the email body....Guys i think it is high time that u have to look into all these... i know u guys are working hard... but please.. this is very important.


http://sites.google.com/site/bgnh8muhi/xjgb1e
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/8/10 7:12 AM
1) It's a bad idea for anyone to click any of the links found in these emails. The sites found at the links themselves could be infected and might infect you.

2) To be properly considered, these instances should be reported via https://mail.google.com/support/bin/answer.py?hl=en&answer=50200

Re: Argh spam sent from my email address, hacked? thedogma 4/8/10 7:51 AM
My account was hacked last night. I tried password reset, but it's been so long ago since I signed up for gmail, that the original email addy I used is unknown to me. I have no SMS accessibility, so no way to get a text message to me either. The online google accounts form asks me to remember stuff from 6 years ago...like who sent me the invite to gmail in the first place, and other stuff, like frequently emailed addresses...of course I have none of this memorized! I trusted my google account to remember everything for me. But I was able to provide some unique identifiers I think. Anyone else go through this process? I'm locked out of my email, and of course, I use it for business contacts, as I have an online sales thing-y. I'm about to pull out my hair. How long does it take google to get back to you on this? Any other suggestions? If they just had a damn phone number...or if the form had an additional info column so you could tell them a cell phone to text to. But NO!
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/8/10 8:00 AM
@thedogma

If they had a column where you could provide a cell phone to text to, I could put in my cell phone number and get access to your account. This is why they don't have this.

Unfortunately, the nature of the Internet is that this stuff happens. People aren't as safe in terms of privacy and security online as they are in the offline world (though some would argue that most people aren't as safe in terms of privacy and security in the offline world as they *think* they are).

The best way to ensure these types of problems do not adversely affect you is to remember these details, record them elsewhere (in a safe place), and to store an alternate email address (which you continue to have access to) in your account for password recovery.

As soon as you gain access to your account again, I would recommend visiting this page:


Then, keep all of the information on this page up-to-date.

Re: Argh spam sent from my email address, hacked? thedogma 4/8/10 8:30 AM
MIKE CH--can you help me?  HELP

 I really need to re-access this account and make it secure again. I can give you an SMS contact number...did not have one at sign up. ( or maybe I did, but as I said, that was YEARS ago!) I can also give you an email addy to send me to the secure site for verification. It's kimje...@hughes.net. I am desperate. I have had an ADwords account and am afraid they can get into my bank account as well. I have filled out all the forms...I need help. I keep checking the hughes.net addy and nothing from google.



BIGFELLOW; thanks for the reply. I would do all those things gladly, but cannot access my account at all. I need someone on their end to help with that. I did send an email on their form, and hope that they got it and will get back to me. But they wanted so much specific stuff from so long ago, I fear the worst. I had an alternate email addy, but it was a yahoo address long forgotten, I signed up with gmail years ago. But I have  a lot of google account stuff too...and that scares me, including an Adwords account, which I cannot access .

They've also hacked into my Fb account.
Re: Argh spam sent from my email address, hacked? thedogma 4/8/10 9:01 AM
Mike CH

I just got an email from google saying they can't verify me...I can't believe it. YEARS AND YEARS of my stuff, and they have no way to verify me 'automatically'. How about a phone call? I can verify my adwords account that way. I don't know what to do.

If google can't help me, I am switching to another email provider and going to stop using adwords.

Kim
Re: Argh spam sent from my email address, hacked? bkc56 4/8/10 2:59 PM
thedogma, if the first attempt with the account recovery form doesn't work, keep trying. I've seen people report success after as many as 9 tries.
Re: Argh spam sent from my email address, hacked? genosmiles 4/9/10 12:30 AM
this link (http://www.foxnews.com/scitech/2010/01/18/google-exploit-leaked-internet-security-experts-urge-vigilance/), posted on this thread, appears to link to a phony site (or one that has been hijacked). the poster may not be aware of this, so no accusation.  i tried opening the link several times. each time internet explorer froze up (program not responding) and at the bottom where the browser activity is noted, it said "attempting to download data to computer."
Re: Argh spam sent from my email address, hacked? john.paul.manahan 4/9/10 12:52 AM
from: Gmail Update <ver...@gmail-finishing.com>
reply-to: Gmail Update <infoacco...@gmail.com>
date: Thu, Apr 8, 2010 at 11:59 PM
subject: Alert: Final Warning!!!

Due to the anonymous registration of Gmail accounts so we are shutting down some accounts that are not updated regularly.We are sending you this Email so that you can verify and let us know if you still want to use this account..

User Name:
Pass word:
Birth date:
Country:
 
Warning!!!! Account details not received within 72hours will be automatically shut down and closed permanently.

- The Gmail Team


Did you get this email?
Re: Argh spam sent from my email address, hacked? Ujjal 4/9/10 6:57 AM
Hi All,

I just want to find out from this forum if I can do something about the spam that originated from my gmail account yesterday to almost every body that I may have interacted in the past thru gmail. The spam looked similar to some posted here :

"I get good news. rictrade now has a big promotion..."

I had just been to Thailand last week and accessed internet thru Wifi provided by my hotel (I think it was unsecured with no WEP security). Some people have suggested that some hacks have taken place from IP addresses in China, but I have no way of telling that.

I have changed my gmail passwords immediately but any other suggestions people are following would be greatly appreciated.

-Ujjal
Bangalore, India
Re: Argh spam sent from my email address, hacked? bkc56 4/9/10 10:58 AM
john.paul.manahan, that's a phishing scam, ignore it.

Ujjal, check out the "popular answer" on the first page of this thread for a list of things to do to re-secure your account.
Re: Argh spam sent from my email address, hacked? themaelstorm 4/9/10 12:58 PM
Greetings, I had the same problem. Thanks to gmail tools I've found the IP address. 
My account was accessed Mobile from Romania by 79.117.248.204. 

According to http://www.ip-adress.com/ip_tracer/79.117.248.204 this is the info, not sure how to get more info.


IP address: 79.117.248.204
IP country code: RO
IP address country: Romania
IP address state: Prahova
IP address city: Ploiesti
IP address latitude: 44.9500
IP address longitude: 26.0167
ISP of this IP: Romania Data Systems
Organization: RCS & RDS S.A.
Host of this IP: 79-117-248-204.rdsnet.ro
Local time in Romania: 2010-04-09 22:55



I have a question to ask. Does merely opening e-mails expose me to any security problems? Because yesterday I opened some spam mails. I did not open any links on them, just opened the mail to read what was inside.

Best regards
Re: Argh spam sent from my email address, hacked? bkc56 4/9/10 1:43 PM
themaelstorm, while not a guarantee, simply opening a spam message typically isn't a problem (although I have the auto-loading of images turned OFF in my account).  The real risk comes in if you click on links or open attachments.
Re: Argh spam sent from my email address, hacked? dunn74 4/9/10 4:52 PM
I've read most of this thread, and thought I'd add my experience to the (growing) list.

6:01 to 6:04 today, emails were sent from my account to everyone I have contact with (not just my "official" contacts list). The messages are in my sent email folder, so I know it wasn't just a faked "From" header (which happens all the time anyways and doesn't bother me too much at this point). The emails were just links, and there were a variety (http://GrenvilleMannion1928.co.cc, http://SheaLabine7198.co.cc, etc.).

I have a "Strong" password, don't visit warez or porn sites, would never fall for phishing, and am the only one who has physical access to this computer. I assume it was a brute-force attack, probably against a bunch of addresses on a bunch of machines, and they got lucky on a few (mine, at least). The only question I have is: after performing the routine changes (changed pass, updated secondary email, confirmed signature was clean, etc.), should I now be "safe"?

Not to disparage google or gmail (who have a ton of great, *free* stuff), but I've had my gmail account for only a couple years, and use it only for personal stuff.  My "junk" address is on yahoo, and I've had it for almost a decade, and have had my work address for about 7 years.  Gmail is the one that gets spoofed *daily*, spammed massively, and hijacked.  No email address I've ever had has been spoofed to my knowledge, nor hijacked, and spam is infrequent at best.  Maybe the hijackers and spammers target gmail accounts, and it's no fault of googles, but I thought I'd share the info without passing judgement.

Thanks.
Re: Argh spam sent from my email address, hacked? SN 4/9/10 5:22 PM
Hi Dunn74,

Based on your limited explanation, I'll presume, though really have no idea to be honest because I don't know enough about your specifics, that your Gmail credentials are vulnerable because you exposed them somewhere on the Internet.

Another possibility is your computer is not secure; vulnerable to hijackers.

The best advice I can give is for you to become as knowledgeable as possible about protecting your Gmail and computer; after which you can set your own personal safe guidelines and practices for yourself; also, if something negative does occur in the future, then you will have a very good idea when, how, and why.

Gmail has lots of good reading about how to safeguard your Gmail and computer at the privacy and security articles located at the help link on main page.

To answer your question: No, you are not safe until you discover how your Gmail was compromised and end the practice.
Re: Argh spam sent from my email address, hacked? tipacope 4/9/10 5:26 PM
I got hit by someone spamming my contact list, claiming "I" was stranded in London after being mugged and asking for "1,200 pounds". Worst of all they rigged it so that (the real) I cannot log in to my account. My beef is with the process Google uses to discern whether or not it is me trying to get back into my own hijacked account. I mean does anybody really know the month, day and year that they opened their account? Who knows by rote the exact email addresses of more than a couple of commonly used contacts... I DO know who invited me into the fold and that I used iGoogle and Talk briefly, but Google is asking me WHEN? Hell, sometime around 2007.
Why not just ask me my dang security question.
Sheesh, I've been getting calls and emails from contacts all day asking me how I like London.
By the way, I had to open THIS account today just to reach this forum. If I ever get access to my compromised account I'm going to close both of them after I check my mail (I was expecting something important) and after I export my contacts.
Ridiculous process.
Re: Argh spam sent from my email address, hacked? subduedprincess 4/10/10 7:53 AM
So I clicked on "last account activity" and it came up with this weirdness (below). I imagine that's where the spoof or spam or whatever you want to call it originated, since I was not in Brazil three days ago. 

Mobile Brazil (187.21.133.103) Apr 7 (3 days ago)
Re: Argh spam sent from my email address, hacked? hrjob 4/10/10 10:30 AM
I found funny activity and when I clicked on "last account activity" , I have never been to Romania

Mobile Latvia (62.85.16.116) 11:39 am (1 hour ago)
Mobile Romania (79.116.43.94) Apr 8 (2 days ago)

Did change my password. Are the google people doing anything about it??
Re: Argh spam sent from my email address, hacked? Ujjal 4/10/10 12:45 PM
@themaelstorm :


>> Thanks to gmail tools I've found the IP address.

Can you please tell me how do I do it.

-Ujjal
Re: Argh spam sent from my email address, hacked? kushari 4/10/10 6:03 PM
Ok there must be something wrong with gmail seriously. It is asking me to verify the captcha and it tells me my password is incorrect when I know it is correct. It then worked the second or third time. And now anytime I reply to an email I get the following error.
Delivery to the following recipient failed permanently:

    exa...@gmail.com

Technical details of permanent failure:
Message rejected.  See http://mail.google.com/support/bin/answer.py?answer=69585 for more information.
What is going on?
Re: Argh spam sent from my email address, hacked? cono_sur 4/11/10 7:17 AM
My account was hacked this morning at 7:01 AM EDT and an email with the following content was sent to all my contacts. Recent activity only shows the last 5 connections - but by the time I found it, I had already connected 5 times.

Subject: -Hi-
Body:
http://sites.google.com/site/poiuy76ytgfde/dovx6v

It's also odd that just last night, Facebook told me that my account had been phished. Could it be related?

Re: Argh spam sent from my email address, hacked? K-Arab 4/12/10 10:41 AM
On Sunday Apr 11 @ 3:23 am, I was asleep and my wife was up studying and suddenly she was notified that she got an e-mail from me on her g-mail. She checked it and apparently someone got hold of my password and started sending E-mails to all my contacts, titled +Hi+ or -Hi- and had a link to some pharmacy site. I do not think the site is a virus, its just spam I guess. I was using a Mac. I hope its not a virus site and no one who I contacted got hit by it.
Anyway, my wife woke me up so I logged in, and saw everything was sent from me so I deleted everything. Woke up the next morning to look more into it and changed pass, security question and same for all my other e-mails, facebook and everything. Nothing has happened since then. I tried to check the IP where it had been accessed from but I had already accessed it more than enough to delete the IP used to hijack my account.

It is sort of interesting to mention one thing, while I was reading posts here, someone said it only happened after he got g-mail on his android phone. Well, I got my android phone as well just a month ago .... could it be related ??

My advice for you if you have the same problem is to change the password immediately for your account and for any online account you have, if it has the same password.


Re: Argh spam sent from my email address, hacked? Kelemvor 4/13/10 4:58 AM
Well, this happened to me last night. An email went out to everyone I've ever emailed and lots of rejections came back.

I already changed my password and checked everything else but would sure like to know what the hell happened.
Re: Argh spam sent from my email address, hacked? JohnW2 4/13/10 5:04 AM
What happened was that your password has been acquired, and the perps got into your account using that password, perhaps planted a message into your account, and used your contacts to send said message out.
Now the important thing for you to do is to make sure that they can't do it again, and that your account is clear of any other mis-appropriated features!!
See the advice from Brett (bkc56) in several of the answers provided. 
Re: Argh spam sent from my email address, hacked? richdpa 4/13/10 5:38 AM
The same thing happened to me this morning.  K-Arab - it is interesting you said you had an Android phone.  I have one too.  This is the only place that I could think of where an app could have picked up my password.  I don't think we can private message on here but I would be interested to know what apps you have installed on your phone.   
Re: Argh spam sent from my email address, hacked? K-Arab 4/13/10 8:51 AM
Well richdpa, I am not a big app user honestly. I think I have installed a couple only one of them is "fring" but I only installed the skype add-on. I also have the Gtalk already installed, msn messenger and a cool stopwatch :P

What i was thinking, is not that they are taking it using another application, but gmail itself through android. Well here's the thing .... I changed my password to everything i own on the internet.
Games have one password, gmail has 1 password that only me and God know (coz it's so long, full of numbers and letters (upper and lower case)), and everything else has a password which is different than my g-mail's so in case it gets hacked again nothing else is at risk. I also cleared the contact list, just kept some friends ... not everyone I have ever contacted and will continue to be careful how I use it, who I send e-mails to and delete contacts once no longer required.
Re: Argh spam sent from my email address, hacked? bkc56 4/13/10 10:24 AM
K-Arab, I wish more people were as careful with passwords as you are.  It would reduce the problems people see when one account somewhere gets compromised.
Re: Argh spam sent from my email address, hacked? jk2913 4/13/10 6:36 PM
Email messages were sent out of my account earlier today.  I have changed my password but did discover this info when I checked my account activity.
 
 
Mobile Saudi Arabia (212.118.142.230)
Re: Argh spam sent from my email address, hacked? Lynn Jordan 4/13/10 9:22 PM
Yesterday I had my account hacked. All my contacts received the emergency message about being stuck in London.

Google returned my account to me this afternoon. However, all the incoming mail was going directly to trash. I checked all the filters and found nothing unusual. When I checked the forwarding, I found that the email was going to a Yahoo account and the Gmail messages were being deleted.

I'm slowly getting back to sort of normal. This forum has been a lot of help. I still have to send a copy of my government ID to Facebook to get that account back.

The advice of having a unique password for Google is great.

Calm down and figure out the answers to the security form. Resubmit as necessary.

Contact all the companies/websites with access information in your email account.

When you get your account back, check all the settings, especially the forwarding and vacation settings.

Good luck, if you are in this same situation.




Re: Argh spam sent from my email address, hacked? doesntmatter2 4/13/10 11:40 PM
I am not hacked, but I got two spams from gmail contacts in one week already. Guess this is going to be big.
Re: Argh spam sent from my email address, hacked? bkc56 4/13/10 11:46 PM
Guess this is going to be big.

I have been following this latest flood since it started last Friday.  It's like the spammers saved up all the compromised accounts and then all at once started using them.  The number of posts about spam and compromised accounts has been WAY up the last few days.

It's dropped off a little since the weekend, but the rate is still going strong.

Yes, it's big.
Re: Argh spam sent from my email address, hacked? jcags436 4/14/10 10:45 AM
Same here - someone took over my account and emailed ALL my contacts telling them I had been mugged in London and requesting money be sent to a Western Union account in the UK. I cannot get in to my account - the password has been changed!!! and the email for the password reset has been changed also!!  I have filled out the recovery form and created THIS new account just to comment.
 
I want to know from Google how someone was able to change my password?? Also why have security questions if they are not used. The recovery form doesn't even ask for it! How do I get this fixed and get my email back??
 
Very frustrating.
Re: Argh spam sent from my email address, hacked? jmayla 4/14/10 11:13 PM
OK, today my account password simply did not work anymore.  i tried and tried, and no i did not forget my password, but i pretty quickly recognized that an unauthorized third party got into my google account and changed my password.  the problem with this is that personal and business information by the oodles is stored in my google docs.  i simply want desperately to put a 'stop temporarily due to suspicious activity' or cancellation on the account in question to protect my information if possible (it has been open to the third party since sometime after 12:30 a.m. march 13th, 2010. 
i tried all of google's options and was distressed to see that account recovery has a password recovery option that seems to send a password change opportunity to the email address that i've been blocked out of as of today.  this makes no sense to me, because password changes are only available with access to my account.  it seems that google is fine with someone like me going through this situation when a simple stop order on the way towards cancellation/deletion would cause 1) the hacker-thief to have to do some work to get access back himself, like jump through identification and verification hoops 2) some level of protection for personal/business information until the issue can be resolved 3) a general impression that google cares about users who didn't know about account security options or suggestions until it was too late and simply need some good old-fashioned help in a serious situation. 
i'm not someone who forgot my own password, i'm an individual who has been taken from in a serious way, and google, as much as it clarifies its policies and procedures regarding the theft of accounts, really is performing abominably in my opinion.  to state that it doesn't collect identifying information and so therefore doesn't have a need for telephone access in emergencies doesn't measure up to the standards of customer service and product value that are warranted. 
i seriously need google to close my account immediately.  will somebody at google please act instead of standing unmoved behind a wall of inadequate policy guidelines?!
Re: Argh spam sent from my email address, hacked? EthanQ 4/15/10 8:22 AM
It looks to me like it could possibly even be somebody at google who is doing this. It would not surprise me in the least.
 
My account was used to SPAM a link to a viagra website.
 
Only certain contacts were spammed, so it was selective... although some were accounts that I haven't sent or received e-mail from in at least a year if not more.
 
I did scans on my computer and nothing showed up.
 
I only use the web interface and nothing was set-up to forward.
 
I disabled POP support and changed my password.
Re: Argh spam sent from my email address, hacked? JohnW2 4/15/10 9:02 AM
@EthanQ - now, come on. Be honest. *Why* would someone from Google want to do that - even if they could gain access to all those accounts?
Don't you think the Security staff at Google would be able to spot this action? 
Those guys love it there. The last thing they'd want to do is put that "job of a lifetime" in jeopardy!!
Besides, Google has actually provided you with the implement to determine where that attack on your account came from - in Details.
Re: Argh spam sent from my email address, hacked? EthanQ 4/15/10 9:30 AM
hmmm... here is all it shows in details
 
"date Wed, Apr 14, 2010 at 7:30 PM
mailed-by gmail.com
http://BongBrentari2418.co.cc"
Re: Argh spam sent from my email address, hacked? JohnW2 4/15/10 10:41 AM
Wrong Details!!
Look at the bottom of the Webmail page. Just under the amount of Storage you're using.
Last account activity: xxx minutes ago on this computer.  Details
Re: Argh spam sent from my email address, hacked? EthanQ 4/15/10 11:09 AM
It only shows the last 5 login IPs.. all of which are my IP address.
 
And I don't stay logged in, so doing the stuff today I have logged in/out more than 5 times.
 
 
Re: Argh spam sent from my email address, hacked? kyleoksiuta 4/15/10 2:54 PM
I'm having a similar problem.  Somehow my gmail is sending out mass emails to all my contacts with weird addresses like
http://RhonaMcgibney1595.co.cc .  I've run several antivirus programs and nothing is found.  As far as I can tell this activity occurred while my computer was in hibernation mode when I wasn't even using it.  Any help google???
Re: Argh spam sent from my email address, hacked? bkc56 4/15/10 3:05 PM
Any help google???

Sure.  Your account was compromised and used to send out spam.

Read the "Popular Answer" on the first page of this thread and do everything it says to do to re-secure your account.
Re: Argh spam sent from my email address, hacked? va2bama 4/15/10 9:32 PM
Those links that kyleoksiuta and EthanQ have posted are the exact same ones that my contacts are receiving plus more with the same co.cc . I did have an IP address listed as a market research company in Chicago, Illinois and I went to the website of the named company and I have never seen that website before 
Mobile United States (IL) (63.174.175.230) 8:04 pm (4 hours ago)


I do have my Ipod attached with my gmail account but I don't think it would show up as a marketing company. The other IP's that are in my details are my own but this was the only funny one. 
Re: Argh spam sent from my email address, hacked? Kelemvor 4/16/10 3:57 AM
Did anyone else buy something from ebay recently and then have their gmail account hacked?  I just realized the same day I did that is when this account hacking took place.  Reason I ask is it was a place that had an automatic payment system that went to paypal for me but I wasn't watching the URL to see where I actually was and maybe they threw something in there.

Just a thought.
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/16/10 6:31 AM
I almost wonder if a common thread for most (not necessarily all) is the use of mobile phones to access Gmail. Perhaps what is really being exploited are individuals' mobile phones, perhaps via a bluetooth exploit?

Re: Argh spam sent from my email address, hacked? Patticakes4u 4/16/10 9:01 AM
This happened to me last night....someone had access from France around 11:30 pm my time. I was asleep when this happened. It's good to see the details, but my password was a strong one and it still happened. Details don't really help when it can't prevent it or do anything about it. How embarrassing!! It went out to everyone that I have ever had e-mailed in years!!!!
Re: Argh spam sent from my email address, hacked? K-Arab 4/16/10 9:24 AM
Hey BIGELLOW, I highly doubt it and this is the reason. Yes, I do have my g-mail account on my android phone but I never connect it to the internet. I never go on bluetooth as well. I just use my regular data plan through the phone company.

Hey Patticakes4u, yeah it is kind of embarrassing, and that is why I went through the list of contacts and got rid of almost every single one. Just kept a bunch of friends and family. Do you use the same password somewhere else? If yes, you might want to think of separating the gmail password from others.

Anyway, this is what I might be doing on the weekend.
I will be creating a group on facebook to make people aware of this before it happens to them. I hope it will help decrease the occurrence of this issue. I'll try to help as much as I can, and we'll see how it goes :)


Re: Argh spam sent from my email address, hacked? CareyDL 4/16/10 3:16 PM
Tuesday my account was hacked.  It was accessed from Romania at 3:15pm and sent out spam messages to anyone I'd ever contacted.  The messages were all in my sent mail, so I know it wasn't a spoofing.  The spam were various "viagra", "cure excema", "stop hair loss" and so on.  It's possible my password had been exposed the evening before, so I'm not too surprised.  I've changed the password twice, checked the POP and filters, and done everything else recommended.  My question is, are these simply spam attacks or are these people after your personal info?  We had recently been emailed our closing package from our Mortgage Broker that included our initial credit requests (not smart, I know).  I've deleted all personal info and emails, but have these spammers been stealing people's info?  I'm setting up security alerts with the credit bureaus, just thought someone may know.
Re: Argh spam sent from my email address, hacked? va2bama 4/16/10 3:49 PM
I have an android phone also a G1 and also a Motorola Cliq. I don't use the bluetooth function but the email address that was used isn't associated with those phones neither is my Ipod Touch. It's just kind of scary because I have google checkout and I have been checking like crazy hoping my credit card information wasn't shared with anyone. Does anyone know if the gmail team is looking into this?  I would feel better if they were.
Re: Argh spam sent from my email address, hacked? Dignan17 4/16/10 5:50 PM
I was just hijacked this evening, and I have to say that given my support options (there are none), I'm feeling a bit helpless about it all. The only response I hear from other users and from Google's help file is "change your password!"  Seriously?  That's the only advice you can give me?

And the only possibility in all the cases here is that someone got our passwords?  I didn't have a dictionary password, I have NEVER given it to anyone, and I never log into my account from any computers other than my own.

This has soured me, a die-hard Google fanboy, on the company.  It'll take a while before I'm confident in it again.  In the meantime, I'm going to have to seriously consider ceasing to use Google services for my business.  All my clients received spam from me, and I am not happy about that.
Re: Argh spam sent from my email address, hacked? bkc56 4/16/10 6:55 PM
That's the only advice you can give me?

See the "Popular Answer" on the first page of this thread for a more complete list of things to re-secure your account.


Does anyone know if the gmail team is looking into this?

They are, but the only thing I've heard is that it's just "normal" compromised accounts.  As to how they are getting compromised, well, they don't tell us TCs much.
Re: Argh spam sent from my email address, hacked? Joshua 4/16/10 7:47 PM
Google can't tell you exactly how your password was stolen, because there are many different ways it can happen. But @Mike CH is pretty explicit in his response listed at the beginning of this thread: the most common issue is using the same password on gmail as on another website or otherwise entering your gmail password on another website.

Certainly if you don't trust google, then you should find another service. But this exact same attack hits all the big email providers, and there is no evidence that it is related to any flaw in the service providers. All evidence points to this being password theft.
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/16/10 8:40 PM
@K-Arab

My comment about Bluetooth wasn't meant to imply you actually use Bluetooth. I've just seen phones get hacked into remotely where:

1) The phone wasn't connected to the Internet.
2) The user was NOT using Bluetooth.

Nonetheless, using a flaw in Bluetooth technology, the phone was hacked into.

It may be true... it may be that there isn't a common thread between the reported cases and that the only real common thread is that everyone who experiences the problem tends to chime in on the same threads.

At this point, there are only two things which can be done. Seek out and find a potential common thread (if there even is one)... or two, realize that it's a result of poor security practices on the user's part. I was giving the benefit of the doubt and assuming that everyone was really good about not using the same password twice... were being extra cautious when clicking links from reputable websites... have never used Internet Explorer in their lives... and don't run a Windows computer. Giving that benefit of the doubt, my only other avenue was to see if there is a common link... like cell phones, which are easy to hack into remotely even if the phones are not connected to the Internet. It only requires a certain amount of proximity. If this isn't the common link, perhaps we just go back to the more likely reason: you need to be a computer hacker to truly be safe using technology... and even then, you're never 100% safe.

Oh well.

Re: Argh spam sent from my email address, hacked? deyadasgupta 4/16/10 10:43 PM
I've just logged into gmail now (username deyadasgupta) and was shocked to find loads of bounced emails in my inbox, around 51 separate emails in my sent box which I had nothing to do with all sent at around the same time and corresponding to an IP address in Spain having logged into my account (I'm not based in Spain). It seems every email address I've ever been in contact with, professional and personal has been spammed by my account.
 
I don't use my gmail password for any other service.
 
I've since changed my password and disabled forwarding/POP/IMAP as advised.
 
I'm not sure what else to do. Is my account now safe?
 
I've had this account for 5 years now, so loads of work-related stuff in there. Should I save my important emails and contacts and just close the account?
Re: Argh spam sent from my email address, hacked? bkc56 4/16/10 10:44 PM
Seek out and find a potential common thread (if there even is one)...

I tried to do this with some followup questions to a number of threads suffering from this most recent flood of compromised accounts.  Some of the common factors I found:

1.  The password was not changed (the owner did not lose access to the account).
2.  Nothing was deleted from the account (typically accounts are purged).
3.  No other settings were changed.
4.  The spam was in Sent Mail.

There wasn't anything common about account access (some were web only, others not) or anything else that showed up.

There are some indications that the actual account access may have been through mobile access (perhaps why the account couldn't be purged) but that's not confirmed.

Personally, I'm more interested/concerned about how they are getting access to accounts.  If there's some new hole or trick being used, closing that would be a big help.
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/16/10 11:23 PM
Likely a social engineering hole.

Re: Argh spam sent from my email address, hacked? bkc56 4/16/10 11:30 PM
Likely a social engineering hole.

Can you explain what you mean by this?  What would an example of this be?
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/17/10 12:11 AM
@bkc56

I just think the majority of cases aren't due to holes in software, but in holes in people's perceptions of the technological world.

For instance, I have heard too many times to count, "I own a Mac, so I know it's not a virus." Macs are safer to use than PCs, sure... but the moment you convince yourself that your ship can't sink is exactly when an iceberg shows up.

I have also seen too many times situations where someone signs up for a social networking service which asks for their Gmail or Facebook credentials to automatically start setting up their social circle, and they just start typing away thinking, "this is a pretty popular service... I can trust them." It's not about trusting the service. It's about trusting their reputation for security. If they haven't been around for years, they are likely making lots of security-related mistakes. Even Microsoft, after all of these years, still makes security mistakes.

I have seen people say many times, "I use a different password for every service." only to find out these passwords are "flowers1" and "flowers2" and "flowers3" and "flowers4", etc... I guess they think hackers can't count.

I have also seen people change their password every month or so, only to keep changing it back and forth between the same two or three passwords.

I've seen situations where someone says they never browse the web, for fear of getting a virus. Yet, they have their home computers networked and have an old PC sitting in a corner with no monitor attached. It is connected to the Internet so that it can auto-update Windows, and it is also always on. They just use it for file storage.

All of these things are social problems. It's not a security hole that can be plugged or patched or fixed. It's a social bankruptcy that can only be resolved with education.

Again, I think the biggest hole is the social engineering one.

Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/17/10 12:27 AM
Another thing to consider are instant messaging programs like Trillian or Digsby. These are terribly convenient if you want to be on AIM, Google Talk, Facebook Chat, ICQ, and Yahoo Messenger all at once within a single application. However, consider for a moment... all it takes is for the application writer to be lazy and store the login credentials in a non-encrypted format or an easily decrypted format and to have a security hole which exists in the application for a day. Sure, they can identify the hole and quickly patch it. However, while that window was open, there's no telling how many hackers exploited it... grabbed the password-containing files... then waited until the perfect opportunity to start using this information later. Imagine, instead, if one of the developers of the IM client put the hole there on purpose. Or, maybe when you enter your credentials for Google Talk (Gmail), it encrypts this and silently sends this back to the IM client's headquarters for decryption and storage.

The Internet is full of new startups... from Facebook to Twitter and beyond. At any given moment, any one of these could be a single individual or a small group of young programmers hoping to make the next YouTube. In the meantime, they don't have security audits in place... they don't lock themselves out from seeing passwords... there are all sorts of procedures which would normally be in place in a large corporation which just isn't in the mindset of these entrepreneurs. So, whether they get hacked... or whether one of their own group is the unscrupulous one... your information is simply not safe. You take a risk with every link you click or every time you put off updating Windows or your browser because you're just not ready yet... maybe tomorrow... you take a risk with every PDF download thinking "well, this isn't an executable, so it's OK to open"... sure, Adobe responds quickly and patches their stuff in good time... but this is like striking matches and tossing them onto the carpet of your home thinking, "well, it probably won't catch anyway... that last one I did blew out on its way to the ground... the one before that just fizzled out... besides, if a fire does start, I'll just stomp it out with my shoe... and if it gets too big, the fire department is pretty responsive." Then, you toss another match carelessly.

I'm not saying everyone should be paranoid, unplug their computers, and run to live in the woods. I'm just saying that people should treat computer usage like they do seatbelts in cars. Take the steps needed to protect yourself. Never believe that you've got this security stuff all figured out. Don't stop trying to learn about how exploits work and what new types of exploits exist. You can keep driving the vehicle, but always make sure you keep putting on your seatbelt, make sure you don't become intoxicated with complacency, and always keep in mind that the perfect driver can always be sideswiped by an imperfect one.
Re: Argh spam sent from my email address, hacked? bkc56 4/17/10 11:10 AM
I just think the majority of cases aren't due to holes in software, but in holes in people's perceptions of the technological world.

Thanks for the detailed explanation.  I would agree with you 100%.

Personally, based on the number of posts about "is this e-mail asking for my password real", I think the biggest security hole is phishing.  For every person who posts, there's probably 100 that don't.  And I'll bet a lot of them replied or clicked the enclosed link.

And two weeks later when their account is compromised, if they even make the connection to the "account verification" they did weeks ago, they'll never admit it.

People are so fast to cry "the Google servers got hacked" or "there's an e-mail virus" when I'd be willing to bet that most of the time they just handed the hackers their login:password without giving it a second thought.  All the security measures in the world won't protect an account if one gives away the password to the first well-crafted phishing scam that comes along.

But I have to stop now.  I've got another 20-30 "my account got hacked" posts to respond to.

:-)
Re: Argh spam sent from my email address, hacked? va2bama 4/17/10 12:30 PM
I understand what you all are saying in reference to people not saying they have clicked a link or gave someone their password. But I do not USE the email account that was hacked. I have one email address that is gmail I use all the time then I have 1 that I stopped using ages ago. The one I stopped using was the one that was hacked. So what is the explanation behind that? And both of these are gmail accounts.

Some people are blaming google. I am not. I just want to make sure that this can't happen again and what can I tell the people on my contact list to do since all of them have caught viruses from this. 
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/17/10 12:53 PM
"all of them have caught viruses from this"

I suppose you could tell the people on your contact list that it isn't wise to open unexpected attachments or questionable looking links, even from your closest friends and family. Communicate with them again separately, to determine if what they sent was legit first.

If you have an email address you "stopped using ages ago", you probably want to think about closing the account. It's the equivalent of having a second house that you just haven't been to in years. Chances are, if you haven't been there in years, it has been broken into, vandalized, and has vagrants living in it.

The one you stopped using you HAD used previously. Just because hackers end up with the keys to your house one day does not mean they will be guaranteed to use it the next. It's generally uncommon for stolen credentials to go unused for too long, but it's not outside of the realm of possibilities. If your password had been exposed ages ago (when you used the email address) and has been sitting around for all of this time, perhaps it took this long for the password to finally land in the hands of someone who used it.

Another possibility is that you entrusted your keys to another website or service ages ago... and maybe that website has recently been hacked, having tons of people's keys stolen.

The possibilities are endless.

Re: Argh spam sent from my email address, hacked? miscdebris 4/18/10 4:31 PM
My Gmail account was used to send spam this morning, as well. The offending IP address was in Romania (I'm in California), and Gmail was accessed via mobile device. Spam was sent to all contacts in my address book, and all of the outgoing emails were in the Sent mail folder. As far as I can tell, nothing else in my account was changed, deleted or compromised. I've since changed the password and the security question.

I had a 13-character password that was pretty complex and not mnemonic or common in any way. I only used this password for Google accounts and I'm very, very careful about phishing, using public devices, leaving Gmail/Google sessions open, etc. As such I'm not convinced that this is the source of the passwords gained by the spammers.
Re: Argh spam sent from my email address, hacked? vishal182 4/18/10 10:55 PM
This happ to me on 8th of April... I did post on the same thread before but then i did not have the IP address... I'm not sure if its of any use...but here u go..


Mobile Slovenia (86.58.50.43) Apr 8
Atom feed 68.180.184.139 Mar 31
Atom feed 68.180.184.139 Mar 24

Not sure what is Atom feed... but my account is used to send spam on Apr8...Pls try to get this fixed ASAP... i see there are too many ppl suffering due to this... thanks.


Re: Argh spam sent from my email address, hacked? Dagevos 4/19/10 2:46 AM
@bkc56 and google staff:
 
You were mentioning mobile access earlier, maybe that my problem with the "Sharing Happiness" email will give you some clues on this.
 
Last night I was reading my email on my mobile phone (windows mobile). I have two accounts set up. My work-account (not google related) and my gmail account. I received the 'Sharing Happiness'-mail on my work-account. I opened it to delete it. Didn't click the link, didn't download any images, but still within a minute after opening the same mail was sent to ALL email addresses I ever used with my gmail account. Even addresses that aren't on my phone, and were never used on my phone.
 
I'm pretty sure there is a connection between my mobile phone and this incident, because it happened directly after opening the e-mail on my phone. The messages are in my 'Sent Mail'-box (there are 24, because all those e-mail addresses do not fit in one email) and are all exactly at the time that I've opened the email on my phone. My activity information mentions:
 
Unknown China (115.49.90.85) Apr 18 (17 hours ago)
 
I hope this helps people in understanding the problem. I changed my password and checked my account recovery settings. Nothing was changed or done, only this email was sent..
 
Anyone got any clues out of this explanation?
Re: Argh spam sent from my email address, hacked? Dagevos 4/19/10 2:48 AM
And an extra question to the google staff: can you please lift the 24-hour sending ban? I need to send some e-mails! ;)
 
The story above this one tells you I did everything in my power to secure the account.
Re: Argh spam sent from my email address, hacked? Dagevos 4/19/10 2:49 AM
And another IP address exactly at the same time, this time from the browser: China (115.49.88.20)
Re: Argh spam sent from my email address, hacked? lardazzbuu 4/19/10 8:11 AM
My account was also used to send out spam last night at 2AM EST.  I have multiple gmail accounts but only one of the accounts was compromised.  Luckily it was the account that I only use for craigslist.  I have been corresponding with a few people recently on craigslist but I definitely did not give out any information about my account.

I do have anti-virus on my pc that does a full scan every night before the computer is turned off.
My question is if this was a virus on my computer, wouldn't it have affected all my gmail accounts?
Re: Argh spam sent from my email address, hacked? bkc56 4/19/10 8:49 AM
My question is if this was a virus on my computer, wouldn't it have affected all my gmail accounts?

I'm pretty sure it's not a virus.  Too many different platforms and environments affected for it to be a virus.  It's "simple" compromised accounts.  The trick is figuring out the vector through which they were compromised.  It's not brute-force password guessing.  Probably some common web-site or service, but there's no way to collect good metrics to try and figure out what.
Re: Argh spam sent from my email address, hacked? mateus.longo 4/19/10 8:55 AM
  Last night something weird happened in my google account. I was
logged in, and was doing several other things, so my session remained
open for nearly one hour.
  Somehow, I returned to the PC and noticed that near 30 new emails
were there, all of them Postmaster error notices. And all messages
contained suspicious links. Earlier this morning I noticed on my sent
mail that tens of more emails were sent among those 30.
  You are going to say I may have been infected by a worm, trojan
horse or virus, but my anti-virus (AVIRA Antivir) was up to date and
still is, and just after, I scanned the entire drive.
  So I'd like to know if you noticed something weird last night around
10:25PM (GMT -3:00).
Operating System: Windows 7
Browser: Firefox 3.6.3
Anti-Virus: Avira Antivir 10.0.0.0.561
and below is a sample email that was sent:
> From: "Mateus Longo" <my_email.com.br>
> Sent: Sunday, April 18, 2010 10:25 PM
> To: <sam...@yahoo.com.br>
> Subject: Briaelburn
>
>> http://environnementcitoyens.com/home.php
>>
>> --
>> Flws
>> Mateus Longo
>> www.insideracing.com.br
>
Re: Argh spam sent from my email address, hacked? SN 4/19/10 10:21 AM
Mateus.longo,

Do you only use a Gmail supported, updated browser(s), only on computer(s) having updated security software?

Is the only place you ever used your Gmail username and password is at the Gmail login page?

How many times have you ever experienced your Gmail being hijacked in the past as well as recently?
Re: Argh spam sent from my email address, hacked? mateus.longo 4/19/10 11:21 AM
Hi,

Do you only use a Gmail supported, updated browser(s), only on computer(s) having updated security software?
Yes I do. Except that I use Gmail Mobile on my mobile phone. But I did not use it for several days.

Is the only place you ever used your Gmail username and password is at the Gmail login page?
Yes.

How many times have you ever experienced your Gmail being hijacked in the past as well as recently?
It is the first time it happened.
Re: Argh spam sent from my email address, hacked? SN 4/19/10 11:48 AM
Hi Mateus.longo,

Thank you for answering my questions.

I would suggest you stop accessing your Gmail account on a phone until you are fully comfortable, if ever, with your phone's security to protect your access to Gmail; I do not know about phones accessing the internet regarding security but you can refer mobile security questions over at the Google help forum, (see references) or at the manufacturer's website.


See Bkc56's 3/11/10 reply above to help re-secure your Gmail account, and should also peruse all the Gmail privacy and security articles located at Gmail main page help link, to keep you knowledgeable how to keep your Gmail and computer secure while accessing your Gmail account on a computer and might notice you made some mistake where, for example didn't "Clear forms, passwords, cache, and cookies in your browser on a regular basis, especially on a public computer."

Hopefully, you can discover how this hijacking occurred by retracing your recent activity and avoid in the future.
Re: Argh spam sent from my email address, hacked? msil 4/19/10 11:52 AM
bkc56, and SN

this is something other than just a few users with compromised passwords.  It's time to treat it seriously and not blame the victims.

Google people: Where are the warnings?  Where are the blog entries? why has everyone not been told to change passwords???
Re: Argh spam sent from my email address, hacked? SN 4/19/10 12:12 PM
Msil,

This hijacking problem has nothing to do with Gmail with regards to being unsecured Gmail service; rather users making errors.

Reason is, I have couple of yahoo email accounts and their email service is constantly experiencing users accounts being compromised; so, most likely, though I haven't honestly checked, other web-mail services also have their users experiencing compromised accounts.

Based on this premise alone, users are exposing their email login information or some other user error.
Re: Argh spam sent from my email address, hacked? rviradia 4/19/10 3:06 PM
my dad's yahoo account had the same thing happen, turns out he had a trojan virus on his pc which I logged into once, we both got nailed, his on yahoo and mine on gmail.
Re: Argh spam sent from my email address, hacked? rviradia 4/19/10 3:14 PM
here's the one my dad got hit with on yahoo, would be nice if gmail & ymail blocked Chinese IPs by default.
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 4/19/10 3:53 PM
@rviradia,

That would make sense, in theory, except... what if I am traveling to China and I wish to check my Gmail account? Given the great firewall and the prevalence of hackers in China, maybe this wouldn't be such a good idea... nonetheless, it turns into a usability problem. "Gmail - you can access it from anywhere... well, except for China... oh, and Italy, Brazil, Latvia, Romania, Saudi Arabia, Slovenia...

Perhaps a quick way to allow some people to be secure would be on a case-by-case basis to allow people to disallow access from "other countries". i.e., I live in the U.S., so I can pick U.S. as my country of access, then disallow access from any other country. If I plan to travel abroad, I can unselect the option. In the meantime, keeping it selected might keep me that much more secure. This isn't to say a proxy couldn't be used to bypass this, but perhaps it could reduce the chances.

Re: Argh spam sent from my email address, hacked? keets789 4/20/10 8:28 AM
My email was also hacked.

I rarely login to gmail to access this email and only receive newsletters from it.

None of my other accounts accessed through outlook were compromised so I'm confident that this was something that happened on the google platform. Another reason I am confident about this is that it emailed everyone I have ever sent emails to on gmail including ex boyfriends and I don't have that information in my outlook as I've only started using outlook over the last year or so.

Now another friend is having the same issue but with a different link being sent out to all her contacts or anyone

Help!!

date Wed, Apr 14, 2010 at 10:35 AM
subject +Hi+
mailed-by gmail.com

hide details Apr 14 (6 days ago)

http://sites.google.com/site/seye46uyrjdhs/gkfk6h
Re: Argh spam sent from my email address, hacked? bmw00a 4/20/10 8:57 AM
I woke up this morning and while I usually have 10 or fewer emails in my inbox I had over 60.  Almost all of them were bounced emails.  I checked my sent email folder and saw approx 150 emails were sent out in the middle of the night.  Each one had a different random subject line.  The email text was nothing but a random link, and each one appears to be different.  I immediately changed my password and security question.
 
Now apparently Gmail will not allow me to send out a mass email to everyone on my contacts list to warn them not to open the email, but because I received so many bounced emails they have shut down my ability to send anymore emails for 24 hours.  Seems as though their effort to protect against spamming is preventing me from protecting against spamming by warning everyone. 
 
Anyone else been blocked by google from sending emails after something like this?  If so, did you get it resolved?
Re: Argh spam sent from my email address, hacked? mateus.longo 4/20/10 3:35 PM
Now I found myself like a castaway person.
I bring to google a serious issue, because I'm 100% certain the problem wasn't caused by MY misuse, and what do they say? NOTHING!!!!!!!!!!!!!!
Come on!!!!
The least I expected was some serious questions about the happening and some investigation, but no. Google really disappointed me.
Could it be a problem with windows? YES!
Could it be a browser security breach? YES!
Could it be caused by bad-use of the computer? NO, I'm not a dummy user that clicks everywhere on the Internet to see what happens AND I do use updated anti-virus, with up to date windows updates.
Could it be a Google security breach? YES!
Why Google did nothing? I'd really like to know!

This is sad....

Re: Argh spam sent from my email address, hacked? bkc56 4/20/10 3:42 PM
Why Google did nothing?

At the risk of offending, you really have no idea what Google is or isn't doing to investigate this latest flood of compromised accounts.  Neither do I.  I know you're frustrated as are many other users whose accounts have been compromised.  I'm frustrated having to post in hundreds of threads with instructions to re-secure accounts and other suggestions.  But random claims about what might have happened, or who might be doing what does nothing to help people recover or understand what is happening.

</soap box>
Re: Argh spam sent from my email address, hacked? saktikalyan 4/20/10 11:54 PM
Yesterday only I got mail delivery failures when I in fact have not sent any emails.  I moved them into spam and looking into spam it looks like it was happening from a few days ago and since I never look into spam it went unnoticed. Looks like google didn't notice this behavior early enough and now most of the accounts are getting spoofed or hacked. Google team please fix this fast enough so our accounts are more secure.
Re: Argh spam sent from my email address, hacked? saktikalyan 4/21/10 12:03 AM
I checked in my recent activities and it shows my account was accessed from Mexico whereas I am from India. Does it indicate my account was hacked and not just spoofed? I have changed my password immediately and password recovery options as well.


Browser Mexico (201.144.248.178) Apr 20 (13 hours ago)

Re: Argh spam sent from my email address, hacked? JohnW2 4/21/10 7:15 AM
@saktikalyan - yes, it does mean your account has been compromised if any IP address other than yours is showing in Recent Activity within Details.
Re: Argh spam sent from my email address, hacked? kogeliz 4/21/10 8:29 AM
mine was hacked, too.
embarrassing.
 
looks like it came from 210.119.175.249  South Korea
Re: Argh spam sent from my email address, hacked? rsksmiles 4/21/10 8:43 AM
I have the same problem. I have now changed my password and can no longer send email.

Where do I find the "recent activity"?
Re: Argh spam sent from my email address, hacked? Kelemvor 4/21/10 10:45 AM
@bkc56

At the risk of offending, you really have no idea what Google is or isn't doing to investigate this latest flood of compromised accounts.  Neither do I.

Yeah, and that's the whole problem.  There is obviously a pretty serious problem here and yet no one from Google has come forward to even state that they acknowledge there might be a problem and are looking into it.  No one is blaming anyone but when the entity that hosts the system turns a blind eye and ear and doesn't say anything at all, it's very understandable that people get a bit pissed at Google.

I even have another bug in the Gmail system that multiple people have and I have no way to contact anyone to see if they are aware of it or not.  When you go through the Help system it just takes you back here to post with your friends about the problem but no way to bring it to Google's attention.  They can't fix things that are broken if there's no way for anyone to let them know something is broken.
Re: Argh spam sent from my email address, hacked? Joshua 4/21/10 10:52 AM
Hmmm... @Kelemvor: Have you looked at the first page of this thread where a google employee explicitly acknowledges the problem and states that they are working on it (but there are no short term fixes possible -- this isn't a bug in a google system but rather a fundamental weakness in using passwords to protect accounts).

I agree that google should communicate more and should be putting lots of resources into this problem, but you can't say they haven't said or done anything.

I also agree with you that google should have a clearer way to report specific bugs. There are a few places in the help pages that let you do this, but they are hard to find. Other than that, you just need to post here and hope a google employee sees it. I've looked at your other thread reporting a bug in the snippets and I'll point it out to a google employee for you.
Re: Argh spam sent from my email address, hacked? ars427 4/22/10 10:33 AM
My account was hacked this morning in the same way that kushari reported except for my recent activities showed an IP from a mobile phone in Israel. I have changed my password, security question, checked my signature and vacation part in the settings tab. Am I protected now? How can I prevent this from happening again?
Re: Argh spam sent from my email address, hacked? jwarthurs 4/22/10 10:56 AM
I've had the same problem as most everybody else, and have taken the steps to (hopefully) stop this from happening again.  But now there's a new problem:
because of the spam that my Gmail account sent out, regular messages that I send are now getting caught in some folks' spam filters, and bouncing back to me as undeliverable.  Has my address basically been blacklisted?  How do I send messages from this address from now on?
Re: Argh spam sent from my email address, hacked? bcutshall 4/22/10 12:40 PM
just happened to me.  my account was signed into in France with a mobile while i was at work.  Luckily i saw the notice that i was logged in to 2 PCs and disconnected all sessions, changed security question and password for all of my gmail accounts.
Re: Argh spam sent from my email address, hacked? rkaiser99 4/22/10 5:43 PM
There's another forum with over 200 replies also discussing this.  Considering how long this has been going on with no fix in sight, I made the following suggestion on the other forum and I hope others on this forum will do the same to get Google on the ball to mitigate the damage from future hackers (this is something that should be easy for Google to implement since they already have something like it in place):
 
Copy the following into your browser: 
 
 
Then scroll down to the bottom and click on the drop down box under "I have another idea", pick "Sending and receiving" (or "Other"), then there will be another drop down box (pick Spam control) and you can paste the below report into the comments box:
 
Please give us the ability to "lock down" our Gmail account for a specified period if we exceed a certain number of posts in a certain number of minutes.   For instance, if I make more than 5 e-mails in 5 minutes, I'd like my ability to send mail suspended for 30 minutes.  This is in response to the recent hacking of e-mail accounts; this should somewhat mitigate the damage from future attacks.  I understand you already suspend the ability to send mail for 24hrs if exceeding 500 emails (you can keep that limit as a default), but most people would prefer much lower #'s and lower suspension period so if their account is hacked, they only have to explain it to a few people instead of hundreds of people and their account is only shut down for a short period so they're able to send  follow up e-mails to tell people not to open the earlier e-mails.
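rkaiser99's proposed lock-down rule (more than 5 e-mails in 5 minutes suspends sending for 30 minutes), written out as an added example that is not part of the post and not Gmail's implementation. The class and function names, the per-recipient option and the sample traffic are assumptions constructed here.

```python
"""Added example: per-account outbound send throttle (constructed, not Gmail's code)."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class SendThrottle:
    max_units: int = 5              # "more than 5 e-mails ..."
    window_s: float = 5 * 60        # "... in 5 minutes"
    lock_s: float = 30 * 60         # "... suspended for 30 minutes"
    count_recipients: bool = False  # assumption: optionally charge per recipient
    locked_until: float = 0.0
    _events: deque = field(default_factory=deque, repr=False)  # (timestamp, units)
    _used: int = 0

    def allow(self, now: float, recipients: int = 1) -> bool:
        """Return True if a message may be sent at time `now` (seconds)."""
        if now < self.locked_until:
            return False
        # Expire sends that have left the sliding window.
        while self._events and now - self._events[0][0] >= self.window_s:
            self._used -= self._events.popleft()[1]
        units = recipients if self.count_recipients else 1
        if self._used + units > self.max_units:
            # Limit exceeded: suspend sending and restart with an empty window.
            self.locked_until = now + self.lock_s
            self._events.clear()
            self._used = 0
            return False
        self._events.append((now, units))
        self._used += units
        return True


def simulate(throttle, sends):
    """sends: iterable of (timestamp_s, recipients). Returns (delivered, blocked)."""
    delivered = blocked = 0
    for ts, recipients in sends:
        if throttle.allow(ts, recipients):
            delivered += 1
        else:
            blocked += 1
    return delivered, blocked


# Constructed traffic: a hijack burst of 150 single-recipient messages, one per second.
BURST = [(float(t), 1) for t in range(150)]
# Constructed traffic: the account owner sending three messages ten minutes apart.
NORMAL = [(0.0, 1), (600.0, 1), (1200.0, 1)]
# Constructed traffic: one message addressed to 400 contacts at once.
ONE_BIG = [(0.0, 400)]

if __name__ == "__main__":
    print("burst         :", simulate(SendThrottle(), BURST))
    print("normal use    :", simulate(SendThrottle(), NORMAL))
    print("400 rcpts/msg :", simulate(SendThrottle(), ONE_BIG))
    print("400 rcpts/rcpt:", simulate(SendThrottle(count_recipients=True), ONE_BIG))
```

Counted per message, a single mail addressed to 400 contacts passes the limit; with `count_recipients=True` it is refused and the account locks.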
Re: Argh spam sent from my email address, hacked? Kelemvor 4/22/10 5:47 PM
Sounds like a good idea to me...
Re: Argh spam sent from my email address, hacked? phoenix0708 4/22/10 7:55 PM
I have sat here reading all the relevant posts and questions etc.

I set up a gmail account some time ago and cannot remember the security question.

I cannot access the alternative email addy for resetting etc

I have followed all the various self help links etc..

I do have an accessible gmail account ..but obviously I'm unable to reset the alternative email addy to this ..?

So now I do not know what to do..please advise
Re: Argh spam sent from my email address, hacked? bkc56 4/22/10 8:12 PM
So now I do not know what to do..

If a Password Reset isn't successful, then use the Account Recover Form.  For information about account recovery (includes a link to the Account Recovery Form) see:  http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=117219
Re: Argh spam sent from my email address, hacked? phoenix0708 4/22/10 8:49 PM
Ok I have filled in the account recovery form..Thank you.

answered the questions as best I can..

I originally forwarded personal info to the inaccessible account from my accessible gmail account...so perhaps this may verify my account identity. I was somewhat perturbed by all the points raised by google customers about having the accounts hacked..And having all the security protocols changed within the Account verification process..?

I have now changed all my Security questions and registered my mobi etc.
Re: Argh spam sent from my email address, hacked? mcginniss 4/25/10 1:53 PM
@MikeCH - on 4/24/2010 my acct got hacked from a mobile from Brazil: 
Mobile
Brazil (189.90.216.141)
Apr 24 (1 day ago)

Issue: my security question was not what I set up and now I am not able to change it. I can select a different question or create one but there is nowhere to put the correct answer. I'm a security-phobe so all my PCs/passwords, etc. are regularly changed and quite complex.

Re: Argh spam sent from my email address, hacked? phoenix0708 4/25/10 2:07 PM
I have LOST all confidence in gmail. There are quite clear issues that google needs to address; many people that I know are changing accounts. Have 3 years of emails and contacts on my account .. I have provided information to recover my login info for a gmail account; obviously google only provides robotic generic answers, which only causes more frustration. I think google's hold on the Market is coming to an END.
Re: Argh spam sent from my email address, hacked? stewardess 4/25/10 3:56 PM
Places where I re-used my password. At none of them did I use the corresponding gmail account, but I think we can agree that isn't important.

macys.com
nytimes.com
imdb.com
photobucket.com
sfgate.com
megaupload.com
etsy.com <== most recent
reunion.com <== yeah, that was stupid
emusic.com

But this couldn't possibly be my fault! /sarcasm

When people say they have never been phished, or never used their password on a public network (really? not even that one time at the airport?), or never re-used their password at another site, I wonder how many are accurately describing their situation.

Fortunately, I knew re-using the password was risky, and I only did it with one of my "garbage" email account I use to sign up at sites like those listed above. Unfortunately, it seems part of the hack was re-populating my contacts list with email addresses from my entire history of using the gmail account, six years worth. My contacts list showed 240 names, even though I have repeatedly and frequently chopped it down to about forty at most. I'm wondering if other people had a similar experience.

My "real" gmail account has a unique password and was not compromised. All financial sites I access (online banking, paypal, and so on) have unique pwds, too. Thank god I wasn't a complete idiot.

Re: Argh spam sent from my email address, hacked? GW2010 4/25/10 5:23 PM
I need help here. My ex swiped the password info to my gmail account and changed everything so I can't get into it. I've tried everything to try to get into the account and it's failed. I AM the owner of the account because it's my name. I've tried thru google multiple times to get the password reset and keep getting the message that they can't verify I'm the owner of the damn account! Can anyone help me please?
Re: Argh spam sent from my email address, hacked? bearbottoms 4/26/10 2:59 AM
I do not think all of these people, including myself had their personal computers infected. I have searched my computer for any trojans and have not found any! I think this happened from information gathered/hacked from Gmail servers and other servers rather than individual computers. This is the email that was sent "FROM: me" to all of my Gmail contacts:

"Dear friend,
I get good news. rictrade now has a big promotion. Every day the first
100 customers will be offered 50%  discount for its all products.
Besides, they accept payment via credit cards for customers'
convenience. It  is very nice, isn't it? Let's have a look at
Re: Argh spam sent from my email address, hacked? JohnW2 4/26/10 4:06 AM
@bearbottoms - sadly this shows a basic lack of understanding.
It is highly likely that your search for Trojans, etc., on your own PC won't find them there - probably because your PC is perfectly clean. 
But that fact doesn't matter because, although it's a slight generality, most normal user messages are created on the server, through the webmail interface. This merely involves your PC in providing "keyboard input" and a display to show what is being created (remotely) on the server. Whether your PC is infected (or not) doesn't much matter (with the exception of keyloggers, which can send your keyboard entry to an external point).

The simple fact is that passwords have been acquired, and these allow the perps to enter your account and then send their messages from there. If they use the correct keys, how can Google know it's not you entering your account?
No one is sure how so many passwords have been acquired - it is thought that the use of social networking sites is one 'primary' source, whilst it is also acknowledged that over 66% of users deploy the same password for several different services. In some cases, users have reverted to their old passwords after a few days, believing they've prevented the attacks which come from many quarters of the world, only to be stung again by a different perp!
One thing is clear, however: there don't appear to be any reports from people who have a strong and UNIQUE Gmail password that their accounts have been compromised. Since this password is the only key to your account, it is left entirely to you, the owner, to maintain that security.
Re: Argh spam sent from my email address, hacked? lowe.casey 4/26/10 2:43 PM
The same thing is happening to me.  I have all of the same symptoms as the above users and am EXTREMELY careful about being secure.  I've also been using Gmail since it went beta in 2004 and this has never happened.

I must say that the most disturbing thing I've found on this forum is that Google representatives don't seem to be taking the problem seriously.  I'm seeing a lot of condescending posts implying that malware or "operator error" must be responsible.

I know for a fact that my system is not infected and go to great lengths to remain secure.  Please explain to me what is responsible for this issue and tell me how you plan to correct it ASAP. 

Otherwise, I'll take my email account to mac.com, which I've been considering anyway.
Re: Argh spam sent from my email address, hacked? lowe.casey 4/26/10 2:51 PM
UPDATE:  I changed my password approximately 30 minutes ago and, 8 minutes ago, 4 more spam emails were sent from my account.  So changing my password did nothing.  This is creating a SERIOUS problem for myself, and from the messages above, many other Gmail users as well.

If Gmail wants to keep its reputation, I suggest you act quickly to rectify this situation.
Re: Argh spam sent from my email address, hacked? bkc56 4/26/10 2:52 PM
Here are posts by Google employees on this recent hacking attack:

http://www.google.com/support/forum/p/gmail/thread?tid=560d53dee40be5e6&hl=en

http://www.google.com/support/forum/p/gmail/thread?tid=06b500533399c263&hl=en
Re: Argh spam sent from my email address, hacked? Joshua 4/26/10 2:52 PM
Do you know they were sent from your account 8 minutes ago, or are you just receiving the bounce messages? Have you checked the last account activity screen?
Re: Argh spam sent from my email address, hacked? Joshua 4/26/10 2:54 PM
By the way, exactly the same attack is hitting yahoo, hotmail, and AOL users. So unless they all have massive security problems, this is most likely users having their password stolen. That doesn't mean it is your fault (I think it is almost impossible to follow all the password security recommendations), but it does mean there is no easy fix from google's side.
Re: Argh spam sent from my email address, hacked? bkc56 4/26/10 2:56 PM
By the way, exactly the same attack is hitting yahoo, hotmail, and AOL users.

Do we have any links to forums or other information that would show the problem with other providers and what (if anything) they are doing about it?  I'm thinking their equivalent help forums...
Re: Argh spam sent from my email address, hacked? lowe.casey 4/26/10 2:57 PM
Yes.  Obviously, I checked my sent message folder.  As I stated above, the condescension I've seen from "contributors" on this forum is extremely frustrating.

Also, bkc56, I clicked on your links and, if I'm correct, Google's position appears to be, "we know about this and we're not going to do anything about it."

Is this accurate?

If so, I'm done with Gmail.
Re: Argh spam sent from my email address, hacked? bkc56 4/26/10 2:59 PM
Is this accurate?

Nope.
Re: Argh spam sent from my email address, hacked? lowe.casey 4/26/10 3:01 PM
In 12+ years of using the internet, I've never had a password stolen.  I also use different passwords for various sites, including a unique one for Gmail. 

Also, Joshua, if you were correct, the illicit activity would have stopped when I changed my password.  As I stated above, it is still going on.  There must be more to this story.
Re: Argh spam sent from my email address, hacked? lowe.casey 4/26/10 3:05 PM
HERE'S THE REAL PROBLEM:

http://www.pcworld.com/businesscenter/article/194635/drugdealing_spammers_hit_gmail_accounts.html

NOW, HOW IS GMAIL GOING TO FIX IT!?!?!

Please deal with your users honestly and admit there's a problem rather than blaming the victims!!!

WE DESERVE ANSWERS, NOT CONDESCENDING EXCUSES!!
Re: Argh spam sent from my email address, hacked? lowe.casey 4/26/10 3:11 PM
LIARS!!!

I'M TAKING MY EMAIL ACCOUNT TO MAC.COM AND ENCOURAGE OTHER GMAIL USERS WHO DON'T APPRECIATE THIS TREATMENT DO THE SAME!

GMAIL:  A LITTLE ADVICE:  TREAT YOUR USERS WITH RESPECT AND HONESTY.  OTHERWISE, WE'LL GO ELSEWHERE FOR OUR EMAIL NEEDS.
Re: Argh spam sent from my email address, hacked? sfsoma 4/26/10 3:15 PM
I discovered my contacts had been exploited this morning after one of them bounced and I appeared to have sent a message to myself.  The "recent activity" link in my account showed that my account had been accessed today via a 'mobile' access type from Kazakhstan (89.218.105.8).  The email that came from my account and was sent to every one of my contacts (so they could all see each other) was just simply this URL in the body, and no subject line:  http://hfoehihhoc.myblogsite.com/  That redirects to a pill site.  I could not find the sent message in either the trash or sent folders.

I can confirm something mentioned a few posts up -- this is affecting other websites today.  I got a very similar email from someone with an aol.com account.  Again using myblogsite.com, but with a different string of letters before the domain name. 

I'm now in the process of changing all my passwords at all critical sites.
Re: Argh spam sent from my email address, hacked? Joshua 4/26/10 3:15 PM
@lowe.casey: I've read that article, and it doesn't say anything about any bug in google. In fact, it talks explicitly about phishing and malicious programs as being the cause.

Notice in my last post I asked you to check the "last account activity" screen (linked at the bottom of your inbox), not the "sent mail". Yes, changing your password should (and usually does) stop the attack, unless you have malware on your computer stealing the new password. But it might take a few minutes for google to boot the other login sessions. I'm not sure.

@bkc56: A quick search turned up this:
and
and
showing identical attacks on hotmail/yahoo/aol.

Re: Argh spam sent from my email address, hacked? lowe.casey 4/26/10 3:21 PM
Yeah, Joshua.  Specifically, it says that "Gmail accounts are often compromised after phishing attempts or via malicious programs" (bold mine). 

That's obviously not the case in this situation, as MANY OTHERS have also noted.  I find this passage more salient:

"Gmail users note that the hackers appear to be sending spam via Gmail's mobile interface -- which gives mobile-phone users a way to check their Gmail accounts -- and wonder if there may be a bug in the mobile interface that is allowing criminals to send the spam. Most of the victims are reporting that their accounts were accessed via the mobile interface when the spam was sent."

THERE IS OBVIOUSLY MORE TO THIS STORY AND GMAIL REFUSES TO BE MORE FORTHCOMING ABOUT IT.

MAYBE THEY DON'T WANT TO ADMIT THE PROBLEM WITH THEIR MOBILE INTERFACE?
Re: Argh spam sent from my email address, hacked? bkc56 4/26/10 3:50 PM
THERE IS OBVIOUSLY MORE TO THIS STORY AND GMAIL REFUSES TO BE MORE FORTHCOMING ABOUT IT.
MAYBE THEY DON'T WANT TO ADMIT THE PROBLEM WITH THEIR MOBILE INTERFACE?


Of course these "conspiracy theories" don't explain why other e-mail providers are also getting hit with the Viagra spam hacking.  If it was a Gmail-only issue, then only Gmail users' accounts would be seeing the problem.
Re: Argh spam sent from my email address, hacked? lowe.casey 4/26/10 3:57 PM
Way to toe the party line, BKC.  You've got a real future in the Republican Party, regurgitating pre-written talking points.

The truth is that I've found numerous articles on this:

http://content.usatoday.com/communities/technologylive/post/2010/04/liability-issues-raised-over-google-gaia-system-hack-/1

http://www.switched.com/2010/04/22/hacked-gmail-accounts-hawking-viagra/

http://googlewatch.eweek.com/content/google_in_china/google_gaia_hack_shows_cloud_isnt_safe_after_all.html

http://www.pcworld.com/businesscenter/article/194635/drugdealing_spammers_hit_gmail_accounts.html

It's not much of a conspiracy if multiple, reputable news sources are reporting on it.  I feel it reflects poorly on Google not to own up to obvious security issues that challenge the viability of its "cloud computing" model (which I support, by the way).

Google:  Just admit you're not perfect and fix the problem.  There's no shame in that!!
Re: Argh spam sent from my email address, hacked? Joshua 4/26/10 4:02 PM
As to the mobile interface, the article says "Spammers may sometimes use a mobile interface to access accounts they have already compromised because it's simpler for bots to use this method at large scale."

Now, you may believe that google is lying or incompetent and therefore ignore all its explicit statements about this. If so, I agree it would be a very good idea to find another email provider. Just don't pick any of the other big email providers, because they are all facing exactly the same thing.
Re: Argh spam sent from my email address, hacked? Joshua 4/26/10 4:07 PM
Two of those articles have essentially the identical facts that we've already been discussing. The other two are about the chinese hacking incident from December. Google has been very explicit in stating that no passwords or accounts were stolen in that incident. Again, if your theory involves disbelieving everything that google says, you might be very worried.
Re: Argh spam sent from my email address, hacked? bkc56 4/26/10 4:13 PM
...regurgitating pre-written talking points.
The truth is that I've found numerous articles on this...


Does anyone else notice the amusing contradiction (hypocrisy) in these statements?   :-)

Anyway, I'm going to bow out of the debate.  I don't have time to toss claims back and forth when there are so many users needing actual help with a variety of issues on these forums.
Re: Argh spam sent from my email address, hacked? lowe.casey 4/26/10 4:15 PM
Joshua, "may sometimes" is not a definitive statement.  To use that passage to vindicate Gmail is dubious at best.

I don't believe Google is incompetent.  Far from it.  In fact, what I find frustrating is that they obviously have the ability to fix this issue but won't even acknowledge it.

That is a blatant slap in the face to its users.

As for your claim that "other big email providers" are experiencing the same thing, I have found no evidence to support that.  There are a few articles I came across, but NOTHING as widespread as what's gone on @ Gmail over the last week or so.


Re: Argh spam sent from my email address, hacked? Joshua 4/26/10 4:26 PM
A 30-second search on the forums of the other providers, as I demonstrated above, easily demonstrates that this is not a problem unique to google.
Re: Argh spam sent from my email address, hacked? Kelemvor 4/26/10 5:00 PM
Maybe Google could set something up so that I can specify that my account cannot be accessed by any IPs outside a certain range.  I know my home IP, my work IP, and my cell phone IP range.  Would be nice to be able to lock that down.
Re: Argh spam sent from my email address, hacked? Kaleh 4/26/10 5:51 PM
@lowe.casey

This is only one of many reports on another email provider's help forum that details the same type of reports that are occurring with gmail.

http://windowslivehelp.com/thread.aspx?threadid=992fa90e-0b58-44e3-ad5c-e803a4789315
Re: Argh spam sent from my email address, hacked? bearbottoms 4/26/10 6:08 PM
@JohnW2 "sadly this (me) shows a basic lack of understanding....The simple fact is that passwords have been acquired, ..."

And then you go on to state my point exactly - kind of. I've been computing since 1980 and have a very good understanding of these things. I do not appreciate you making such an inaccurate assumption.

Passwords have most likely not been acquired individually as many of the responses have tried to indicate, yours included. A massive leak has happened within Google where passwords were acquired. I use the on screen keyboard and LastPass to handle my passwords, they are complex, and well protected.

You also seem to indicate that other sites such as facebook etc. may be responsible. Most likely, may be, could be are not answers. Unless you have definitive answers, I would recommend not saying anything and suppositions should be left out of these discussions. The most likely massive leak for Gmail passwords is Gmail. Seems the passwords were also sold around to many spammers.

That other companies may have also had their data bases compromised only indicates the sophistication of those who accomplished the matter.

LastPass does not have access to or know the master password for its users. Does Gmail know and store the passwords for its users' accounts? Answer that question first.
Re: Argh spam sent from my email address, hacked? LaneLester 4/26/10 7:36 PM
The electronic sales message that went out from my account was China IP 115.49.93.65, and the domain was different from that reported by others: www.eoapo.com. It occurred at 7:34 pm EDT, April 26. I'm running Firefox in Linux.

No mobile interface used by me ever. No one could guess my password; it's an essentially random set of letters. I've changed it as advised above. POP and IMAP were enabled by default, although I've never used them and have now disabled them.
Re: Argh spam sent from my email address, hacked? TheWoodman 4/26/10 8:20 PM
Just thought I'd add my experience to the database. Yesterday and again this morning I discovered my gmail account had spammed all my contacts (not just my "contacts" but every email address in my inbox from 2004 to present - wrong numbers and all). At the time all three of my computers had been signed out and were off.
 
The spam was an empty email with just my gmail signature.

 Gmail's recent activity shows these 2 anomalous IP addresses which correspond to the spam events.
Mobile Romania (213.233.92.122) Apr 25 (1 day ago)
Mobile Romania (188.24.211.45) 6:03 am (17 hours ago)
 
I never, ever use a mobile interface. I immediately changed my password and have now checked through the settings, I've changed it as advised above. POP and IMAP are now disabled (although I've never used them).  We'll see if it happens again.
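Kelemvor's idea of restricting access to known IP ranges, and JohnW2's rule that any IP other than yours in Recent Activity means compromise, can be applied by hand to the Recent Activity lines quoted in this thread. The following is an added example, not part of any post and not Google's code; the `KNOWN_NETWORKS` ranges, the expected access types and the sample lines marked as constructed are assumptions.

```python
"""Added example: review pasted "Recent Activity" lines against known networks."""
import ipaddress
import re

# "Access-type Country (IPv4) when", the layout quoted in the posts above.
LINE_RE = re.compile(
    r"^(?P<access>[A-Za-z0-9]+)\s+(?P<country>.+?)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+(?P<when>.+)$"
)


def parse_entry(line):
    """Parse one activity line into a dict, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:  # e.g. 999.1.1.1 fits the regex but is not an address
        return None
    return {"access": m.group("access"), "country": m.group("country"),
            "ip": ip, "when": m.group("when")}


def review(lines, known_networks, expected_access):
    """Return [(ip_or_raw_line, [reasons])] for every entry that needs attention."""
    nets = [ipaddress.ip_network(n) for n in known_networks]
    findings = []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry is None:
            # Never silently skip a line: an unreadable entry is itself a finding.
            findings.append((line.strip(), ["unparseable entry"]))
            continue
        reasons = []
        if not any(entry["ip"] in net for net in nets):
            reasons.append("IP outside known networks")
        if entry["access"] not in expected_access:
            reasons.append("unexpected access type " + entry["access"])
        if reasons:
            findings.append((str(entry["ip"]), reasons))
    return findings


# Constructed: the owner's home and work ranges (RFC 5737 documentation blocks).
KNOWN_NETWORKS = ["192.0.2.0/24", "198.51.100.0/24"]
# Constructed: this owner only ever uses the web interface.
EXPECTED_ACCESS = {"Browser"}

SAMPLE = """\
Browser United States (192.0.2.17) 9:12 am (2 hours ago)
Mobile Romania (213.233.92.122) Apr 25 (1 day ago)
Mobile Romania (188.24.211.45) 6:03 am (17 hours ago)
Browser Mexico (201.144.248.178) Apr 20 (13 hours ago)
Mobile United States (198.51.100.40) Apr 24 (2 days ago)
Browser Nowhere (999.1.1.1) Apr 23 (3 days ago)
""".splitlines()
# Lines 2-4 are copied from posts in this thread; lines 1, 5 and 6 are constructed.

if __name__ == "__main__":
    for subject, reasons in review(SAMPLE, KNOWN_NETWORKS, EXPECTED_ACCESS):
        print(subject, "->", "; ".join(reasons))
```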
Re: Argh spam sent from my email address, hacked? JohnW2 4/27/10 2:54 AM
@bearbottoms -  Yes, of course your Gmail password *is* stored by Google, but it is held in an encrypted form (128-bit AES, I believe) within the account record. This would make it nigh on impossible for a large scale leak of passwords to occur, as you state. 
Once the hackers acquire such information of course they sell it on to others (including the spammers), as it is as valuable to them as any other information which might lead to a sale of some goods.
And I do cite Facebook as a source of several password thefts: this comes from the fact that there are people who have admitted on this forum to using the same password for Facebook as they do for Gmail. Their accounts were compromised only after they went onto Facebook.

But to be honest, it really doesn't matter how the passwords have been acquired. That they have is sufficient of a problem, and every single user should be making sure their recovery information is correct in their Personal Settings, and that their password is both strong and UNIQUE to Gmail.
Re: Argh spam sent from my email address, hacked? Obi-Wan 4/27/10 7:21 AM
I think my Gmail account was hijacked a few hours ago.

My account sent 100s of e-mails with a single URL in the body, no subject  (http://*.angelfire.com/).  The e-mail appears to have attempted the entire list of accounts I have ever sent an e-mail to.  Many of those accounts are no longer active, so I got about 170 or so bounce backs.  I do not use Contacts, so it was not from there.

My Sent items contained all of the sent mail.  This indicates to me that my account may have been taken over.  My Signature and Vacation settings were not in-use or changed.

I access Gmail exclusively through Firefox running on Windows Vista at work and Windows XP at home.  My password for Gmail is exclusive to Gmail (I use a separate "strong" password for EVERY different website I access that requires authentication).  I was not logged into Gmail at the time the messages were sent.  I did not even have a browser open.

I ran the "Last Account Activity" tool from the bottom of the Inbox page and that output showed a "Mobile" access from Chile (200.83.167.226) at 1:41 EDT April 27, 2010.

I found the following link that discusses what to do:
http://gmailblog.blogspot.com/2010/03/detecting-suspicious-account-activity.html

My question is if Google saw this activity or not.  I did not get a warning from Gmail, so I am curious...

Much discussion is on the threads about this.

Is this a problem at Gmail (though not specific or limited to Gmail)?
Re: Argh spam sent from my email address, hacked? JohnW2 4/27/10 9:10 AM
@Obi-Wan - yes, your account has been compromised, as your password has been acquired.
Like all messages created in Gmail when using the webmail interface, the messages are created on the server. They do not need any connection to your PC or any software thereon. They don't even need the Contacts database now (in the beginning of this attack they were only using the person's contacts, but now they are introducing their own lists).
Gmail, like all the other major e-mail service providers (AOL, Yahoo!, etc) is suffering from this concerted attempt to use private accounts to distribute Spam. It's not entirely certain that the reported 'sources' are actually involved, since spoofing IP addresses is a relatively trivial task for spammers, but it does indicate that the account passwords of many people have been compromised and that there is likely to be a real driving force behind this attack.
It does however, make it more likely that other service providers will just dump inter-service messages as they try to limit the amount of spam being passed around.
Re: Argh spam sent from my email address, hacked? Obi-Wan 4/27/10 9:37 AM
@JohnW2
Thanks for the reply.  I am an IT Guy by trade, so I understand the signs.  I also understand how GMail works and the associated tasks/messaging...  I was one of the early 500 or so invited back on July 1, 2004.  This is the first time I have had any trouble.  A quick scan of the "internets" will list many threads and stories on this subject.

I am hopeful that this was a case of a simple stolen/obtained password and now that I have changed the Gmail password (it was active for WAY too long), I should be ok.  And, let's face it, this was not terribly harmful.  No changes were made to my account at all, just spam sent.  And the spam was a URL to a quasi (albeit expired) web address to some pharmacy in Canada.

The base question for me is about the "Mobile" access.  This seems to be a common occurrence of the hijacking reported in the threads...

I understand that Google/Gmail are not alone.  I am just hopeful that they remain vigilant toward a trend and/or possible fix.

Meanwhile, I am simply reminded in this instance to stop being lazy and change my passwords more often (which I did in Gmail as well as banking and other sites).

I agree this is likely spoofed at some point, there are simply too many wide ranging (in appearance) global IPs.  I also agree that this seems coordinated, daggone spammers!  I suppose that you have to be creative to survive...
Re: Argh spam sent from my email address, hacked? Mike CH. 4/27/10 11:35 AM
Good evening everyone,

This thread is getting very long. But it's time for a summary post nonetheless.

What is Google doing?

We made some changes today that are allowing us to block hijackers in real time. Accounts identified as hijacked are being sent to phone verification and forced to change their passwords. Typically only a few spams are making it out from these accounts, if any.

It is absolutely certain that the spammers will respond quickly, and try to hide themselves better. So this doesn't mean the problem is solved.

We have many people working on hijacking right now. Some of them are working on medium to longer term projects - look for announcements on these efforts over the next few months. Others are working on shorter term projects which will typically not be announced. For instance, we're improving our hijacking detection system (the thing that generates the red warning bar) to make it faster and stronger. We're also improving the account recovery process to help more people recover their account after a hijacking.

Why we believe Google is not hacked

There has been a lot of discussion of this. I don't want to try and address every theory, but here is some more background.

There is a wave of hijackings impacting many large websites right now. Facebook, Hotmail, Yahoo, Craigslist - all these sites are seeing problems with accounts being stolen en-masse as well. That's because there isn't one underlying flaw that's being exploited, it's the generally poor state of computer security that's the weak link.

We have penetrated areas of the black market and observed stolen accounts being bought and sold. Other companies have done so too. These accounts come in various forms. Some of them clearly leave evidence of how they were obtained, eg, via keylogging viruses and web site break ins. We have seen people selling hundreds of thousands of accounts on various Russian hacker forums, a mix of different email providers. Sadly, these guys don't need to hack Google or Microsoft or any other big company - they can get all the accounts they want via other means.

You can read a report on one recent incident here


That story is about Facebook but I want to emphasize that this is not an attempt to shift blame. This is not a Facebook specific problem. This is a problem that is impacting the entire computer industry right now.

What you can do to help

We all have friends or relatives who use email. We're working on this from our end, but you can help by reminding your friends of good security practice. Read the sticky post in this forum for a great list compiled by MrEvan and the top contributors in this forum.

Quick points you can tell them:

 • Use a unique password for your email account. 
   Never share it with another site, as hijackers can get other sites to send them forgotten password links
 • If you receive a mail from a company that asks you to log in, navigate to the company's website directly. 
   Don't click links in emails especially if they ask you to log in.
 • Avoid viruses. Keep your software but especially your web browser and plugins up to date. Avoid pirated software. Use an AV scanner.
   Microsoft provide a free antivirus scanner if your friends don't subscribe to one already called Security Essentials.

I hope this helps clear some stuff up.

Re: Argh spam sent from my email address, hacked? schnisz 4/27/10 11:56 AM
I understand the emphasis on changing passwords, but that is not helping.  I have changed mine several times and it doesn't stop it. 
Re: Argh spam sent from my email address, hacked? Mike CH. 4/27/10 12:01 PM
schnisz, not sure which account you are referring to there. If changing your password doesn't stop the spammers, you probably have a keylogger on your computer. If your AV scanner isn't picking it up, you'll need to back up your important data files, wipe the OS and reinstall it from scratch. A local PC repair center can help with this.
Re: Argh spam sent from my email address, hacked? crazygravy 4/27/10 12:13 PM
I know for certain that @aol.com users are compromised as well. I work for an ISP and our spam firewall has seen a large amount of the exact same spam with exactly the same links and subjects coming from @aol.com addresses.
Re: Argh spam sent from my email address, hacked? bkc56 4/27/10 1:31 PM
I know for certain that @aol.com users are compromised as well.

That's good to know because it moves the problem from a specific e-mail provider and the possibility of a compromised server to a generic problem of password harvesting that's independent of the provider.

Might be a bit embarrassing for those who leave Gmail because it's "not secure" and then get hacked on their new provider.
Re: Argh spam sent from my email address, hacked? K-Arab 4/27/10 3:42 PM
Hey all,

I posted my problem I think 2-3 weeks ago, and a lot of spam was sent out of my gmail account. I took all security measures when I read this forum and since then everything is working fine. I have not noticed anything weird.

Thank you Mike CH, for participating in this discussion and informing us what is happening in google itself. I am not sure if you take suggestions here but here are a couple that I think might help for the future:

1- Instead of adding everyone I send an e-mail to, to my contact list, I should have an option to do so.

2- Instead of all those ads I see on the top of the page and on the side of my account, send a notification IN RED for users to update their security settings and make sure everything is good. At least for the time being.

I hope this gets solved really quickly and the hackers get caught.
Re: Argh spam sent from my email address, hacked? Joshua 4/27/10 3:53 PM
I personally don't think 1 is such a good idea. With just a tiny bit of extra code, the spammers could simply grab email addresses from all the mail you send and receive.

Google is already doing 2, although you could argue they should be doing it more aggressively.
Re: Argh spam sent from my email address, hacked? Obi-Wan 4/28/10 4:18 PM
Ok, now here's a good one...

I cannot access my account starting just now.

My account was hijacked about 36 hours ago.  I changed my password.  I have used Gmail a bit over the past day and a half. 

I was just in the middle of typing an e-mail and I was booted out.  When I try to log in again, no joy.

Interesting part?  My Gmail username and password work on this forum...
Re: Argh spam sent from my email address, hacked? sallysbitsofclay 4/29/10 5:10 AM
I just discovered that the same thing happened to me this morning.  Someone accessed my Gmail account and sent mail to everyone in my contacts.  I think Gmail has a big problem and won't admit it.  I changed my password but wonder if that will help.  I think the best thing I might do is close my gmail account.
Re: Argh spam sent from my email address, hacked? bkc56 4/29/10 7:29 AM
I think the best thing I might do is close my gmail account.

Or you could search the forum or even read the "Best Answer" and "Popular Answer" in this very thread for information about what's going on and how to re-secure your account.

Other Google posts on the subject:

http://www.google.com/support/forum/p/gmail/thread?tid=06b500533399c263&hl=en
http://www.google.com/support/forum/p/gmail/thread?tid=560d53dee40be5e6&hl=en&start=225
Re: Argh spam sent from my email address, hacked? lowe.casey 4/29/10 10:37 AM
Enough with the condescending attitude BKC.  You seem to be knowledgeable enough to help these people but all you do is make snide remarks blaming the victims for this attack (e.g. "Or you could search the forum or even read the "Best Answer" and "Popular Answer" in this very thread for information about what's going on and how to re-secure your account.").

The problem is that myself, and MANY others have already taken those steps.  We've done all we can to re-secure our accounts (change password, check for spyware/malware/keyloggers) and SPAM IS STILL BEING SENT FROM OUR ACCOUNTS!

If you're not going to take this issue seriously and offer useful advice, then just leave everybody alone.  If you can't figure out what's going on, then maybe you're not the know-it-all that you obviously think you are.

Finally, doesn't someone with your "superior intelligence" have something better to do than hang out on the Gmail message board all day.  Get a life!
Re: Argh spam sent from my email address, hacked? Joshua 4/29/10 12:21 PM
Well, @lowe.casey, you can understand it is frustrating when people post a "me too" answer at the bottom of a long thread without remotely acknowledging that they have read the tons of advice and suggestions that people have taken the time to write in the thread.

As for your particular issue, I understand that you could be frustrated too. From my observation, the vast majority of people suffering from this problem report that it goes away after changing their password. Obviously it hasn't for you. I've asked you a couple times if you have checked the "last account activity" listing at the bottom of your gmail inbox. Do you see unusual access there?

Could you show us the full headers ("show original" on the menu next to Reply in the upper right) on some of the spam that is still going out.

The other issue is that anti-malware programs are not perfect. They can often miss things. Sometimes it helps to try several of these programs. Google gives a bunch of suggestions here:
Re: Argh spam sent from my email address, hacked? Mike CH. 4/30/10 9:51 AM
lowe.casey, I'll follow up with you privately on this matter. It's very rare for people to report that they're still sending spam after changing passwords and with your permission I'd like to investigate further.

Re: Argh spam sent from my email address, hacked? lowe.casey 4/30/10 10:47 AM
YES!! PLEASE!!! The last batch of spam emails was sent on 4/28 (Wednesday) at 5:39pm.
Re: Argh spam sent from my email address, hacked? TheDJ10 4/30/10 1:36 PM
Same thing happened to me today (4/30). I could see someone from Italy had accessed my account and sent spam to all my contacts. This is the first time my account has ever been hacked (think it's been 4-5 years).

I work in IT and all my passwords are secure, no viruses on PC, etc.. etc.. the only thing that has changed recently is I have a Moto Droid. Not sure if that got compromised somehow?

I changed my password and so far so good, I am going to keep an eye on this and see what happens.
Re: Argh spam sent from my email address, hacked? kelstation 5/1/10 11:25 AM
Pretty much the same story for me as DJ10. And the same suspicion. My account was hacked 4/15 while I was away from my PC and using the DROID. I checked email at a pizza joint (over the cell network, not WiFi) close to the time my contacts were grabbed and spam was sent.

Very embarrassing. Messages were sent to all my contacts (more than 700) alphabetically and in some instances spam was sent to multiple contacts in a single email, revealing addresses to everyone.

No PC infiltration, virus, spyware, etc. Changed passwords, etc. I've been smart about not using the same password and they're very random. Everything has since been ok, but I'm nervous to use the Droid over 3G (Google integration was pretty much why I got the phone).

BTW, I'm using Lookout for security on the phone.
Re: Argh spam sent from my email address, hacked? sallysbitsofclay 5/1/10 1:27 PM
kelstation, I don't think the phone has anything to do with it.  I don't have a phone and mine was hacked also.  I have a secure password and change it frequently.  I am always very careful and it's a puzzle to me how this happened.  I removed all the contacts from my address book, transferred them to another email address just so spam won't be sent to my clients again.  I will still use gmail, but not for my business.
Re: Argh spam sent from my email address, hacked? kelstation 5/1/10 1:36 PM
@sallysbitsofclay--

It may not be the phone but I am suspicious of the mobile interface since this happened to me only when I used gmail via the droid in a public place. There may be a variety of entrance points, no doubt, but I think the mobile front should be a consideration, especially since many of the previous reports are identifying mobile IPs. There may be some kind of mobile path to gmail.

I don't want to come across as threatening or angry as a couple of other previous posters, but I have had business problems as a result--I had "private" NDA client addresses show up in a mass spam email that most definitely should not have--in the "security" business of all things--and I suffered some humiliation because of it.

I, too, would prefer official Google reps were paying more attention to the matter, though I'm not blaming Google exclusively. I can imagine it must be difficult to narrow down the attack on their side since we're all having similar but slightly different environmental issues.
Re: Argh spam sent from my email address, hacked? bkc56 5/1/10 2:34 PM
I can imagine it must be difficult to narrow down the attack on their side since we're all having similar but slightly different environmental issues.

That, plus the fact that it may not be a single point-of-entry but instead password harvesting by a number of different methods making it impossible to figure out just how it's happening.  Even if someone figures out how their account was compromised, that may not apply to the next 10 people.
Re: Argh spam sent from my email address, hacked? kelstation 5/1/10 3:47 PM
"making it impossible to figure out just how it's happening.  Even if someone figures out how their account was compromised, that may not apply to the next 10 people." (I don't believe in the word impossible where this is concerned. But in your example, at least one person would have a solution, which is better than none...)

@bkc56--

I've been following this thread for a while and think you've been responding rationally even though you seem to be the one isolated for blame here. :/ I appreciate that, but will add something that seems incongruent to me: I don't particularly care if gmail, ymail, hotmail, and any other mail are all compromised any more than I care whether B of A, Wells Fargo, Chase, Wachovia, etc. are all robbed at gunpoint. I require information and communication from the place I do business with, or where I'm holding my assets.

Google may not be the only place suffering from this attack, but it is A place I rely on. All of us here are seeking answers. Some mad, some helpful, but we're all providing info that is helpful and takes time. Do I want to spend my time on this board? Nuh uh. But I'm here, hoping to provide something worthwhile and to find answers.

I will say I don't believe this is a user issue, as convenient as that may be. There's a hole somewhere and I believe there's some evidence that there's an issue specifically with mobile clients. Not always, but a number of folks have isolated the Droid (myself included). Not sure what that's worth, but my break-in happened while I was logged out of an account with a highly unique password by a mobile IP (Romania I think) while using my Droid to check mail using Verizon (interesting in itself since that's a GPRS and not GSM network).
Re: Argh spam sent from my email address, hacked? bkc56 5/1/10 5:32 PM
I don't believe in the word impossible where this is concerned.

Let me re-phrase that sentence:  That, plus the fact that it may not be a single point-of-entry but instead password harvesting by a number of different methods making it impossible to provide a single solution that works for everyone.  That better states the point I was trying to make.  If Google investigated and found that every hacked account (in this recent attack) was hacked after the owner had visited some specific web-site, then we'd know what to do.  But so far there's no single identifiable vector for the password harvesting.


All of us here are seeking answers.

Believe me, I would like some answers too.  At present my only "help" is to post that tired list of things to check to re-secure an account.  I've posted it hundreds of times at least.  But for people posting in a panic because their account is sending out spam, it's the best information I have to help them.  So I keep reading and posting because these people desperately need some information, even if it's incomplete (doesn't address HOW they were hacked).


there's some evidence that there's an issue specifically with mobile clients

Google has specifically said (emphasis mine):

Spammers may sometimes use a mobile interface to access accounts they have already compromised because it's simpler for bots to use this method at large scale.


Which means the mobile interface is the avenue for account access.  But so far there's no indication that it's the vector for password harvesting (supported by many posts by people whose account was compromised and don't use a phone with it).
Re: Argh spam sent from my email address, hacked? kelstation 5/1/10 5:41 PM
@bkc56

Thanks for the thoughtful answer. I totally get you.

This feels more personal, though I don't know why it should be a concern, but at the same time I used the Wapedia app to look up Tramadol side effects (suggested by my doctor for back pain). Suddenly my contact list is spammed with Viagra links. Possible connection?
Re: Argh spam sent from my email address, hacked? citahl 5/3/10 12:42 AM
My email was hacked 5-1-10 at about 1:35am and I can't access it. I don't remember when I opened it or if it was an invitation. All my contacts got a message saying I was stranded in the United Kingdom, to send money. I also have AdWords and can't access that either. I'm wondering if my phone's Google application had anything to do with it?
Re: Argh spam sent from my email address, hacked? Mike CH. 5/3/10 7:27 AM
Hi kelstation,

To clarify, using Droid or any other phone is unrelated to hijacking. The spammers have written automatic tools that log in to hijacked accounts, dump the address book, send a mail to all contacts and so on. This tool happens to identify itself to our servers as a mobile web browser and uses the mobile protocols because the mobile protocol is simpler for the spammers to "talk". There's no security problem that we know of with using Gmail from mobile phones.

Also there's no connection between what you may have viewed and the contents of the spam. 
Re: Argh spam sent from my email address, hacked? grsram 5/5/10 6:29 AM
It's my turn now to join this list.
One liner sent: http://hayesbyb62.chat.ru

Google 'Last account activity' shows this is done through Mobile, IP:Czech Republic (77.104.247.254)

Luckily google failed all the mails as they are spam.
Also disabled my a/c temporarily. Got it active now by changing password.
Re: Argh spam sent from my email address, hacked? bkc56 5/5/10 7:33 AM
Luckily google failed all the mails as they are spam.
Also disabled my a/c temporarily. Got it active now by changing password.


That sounds like the new tool Google put in place to try and temporarily lock accounts that have been compromised in this way.  It may not stop the hacking, but if it stops the spam from going out that will help a lot.
Re: Argh spam sent from my email address, hacked? jlcotton 5/5/10 8:23 AM
I'm suffering a similar situation as citahl above.  Had a friend call me to ask if I was in London.  Tried to access my google account and found myself locked out.  Whoever has hacked it is spamming all my contacts with requests for money. 
 
Tried to restore it using Google's compromised account form, but I cannot provide enough information to prove to Google the account belongs to me.  I get "We've completed our investigation and cannot return your account at this time. We were unable to verify that you own this account based on the information you provided."
 
I've had my account for approximately five years with no problems.  However, since the account is so old, I cannot possibly remember answers to questions like the exact date I started using Gmail, or Calendar, etc.
 
Is there any recourse other than continuing to fill out a damn useless form?
Re: Argh spam sent from my email address, hacked? NOtoGOOGLE+ 5/6/10 11:00 AM
Of course it is a google problem! They won't admit it, of course, but they were compromised and now they want to blame the victims. Send an email to support, they send you back a generic letter to links that are of no help or relevance.  Don't you think that if they were making an effort...that they would at least contact the affected members to see what was happening?
Re: Argh spam sent from my email address, hacked? hacked23 5/9/10 9:17 AM
I know this occurrence has been posted many times on this board but just wanted to let people know this is still happening.

I logged in through a mobile interface yesterday at 6pm EST and within a few mins about 150 contacts received the following message:

subject:   hey ceck this out IlMN7
body:  You gkota see these prices! http://heatsummer.com

there is a new letter/number combination in all subject lines.
 
came from IP:  204.45.13.210
Re: Argh spam sent from my email address, hacked? Makavre 5/10/10 8:51 AM
As I came to work this morning, my gmail account had been suspended and was requiring me to verify using SMS, which I did considering this is my main email account. I checked on the IP activity and there's a couple of suspicious addresses:

Mobile Romania (85.121.181.141) May 9 (1 day ago)
IMAP United States (CA) (166.205.138.223) May 8 (2 days ago)

I immediately changed password and security question

The occurrence that gave things away was a bounce back from an email that was sent to one of my contacts containing a link to a Canadian online pharmacy

(http://zidavubu.angelfire.com/)

I don't know if this email was sent to ALL of my contacts or which contacts in particular since there's nothing inside my "sent" folder.

Searched in all of the help section and there's nothing much one can do other than reset a password and report the message as a phishing attack.

I wish google would implement some type of restriction in which only pre-approved IP addresses are allowed to access one's account. 

:/
Re: Argh spam sent from my email address, hacked? cooncoon 5/14/10 7:44 AM
Not sure if anyone had the same problem.  One of my gmail accounts was hacked, it sent an email out about some Chinese electronics to EVERYONE in my contacts.  Not only that, but google disabled my account and I now have no access whatsoever!

Has this happened to anyone?  If so, what did you do to get your account back?  Please let me know!
Re: Argh spam sent from my email address, hacked? sallysbitsofclay 5/14/10 7:56 AM
cooncoon, the exact same thing happened to me, account was hacked and emails sent to everyone in my address book.  Only my account wasn't disabled.  I changed my password and transferred all the names in my address book to another account. It's happened to a lot of people with Google accounts, I don't think anyone has figured out what the problem is yet.
Re: Argh spam sent from my email address, hacked? cooncoon 5/14/10 8:06 AM
It's so annoying to have my account disabled, but I need that account back and I need to find out HOW!  I've used another email address to contact google, but they're not working very fast! ARGH!
Re: Argh spam sent from my email address, hacked? sallysbitsofclay 5/14/10 8:47 AM
I agree, it's VERY FRUSTRATING.  I have never had anything like this happen before, it's very strange.
Re: Argh spam sent from my email address, hacked? bkc56 5/14/10 9:18 AM
...I don't think anyone has figured out what the problem is yet.

That's not really true, the problem is totally understood - accounts are getting compromised and used to send out spam.  In addition, Google has added new safeguards to try and identify hacked accounts sending out spam and lock them as fast as possible to prevent much of the spam from getting out.

What isn't known, probably because there's no single answer, is what vector(s) are used to harvest the account names and passwords.  At this point, probably the best advice is to change your password on a regular basis (weekly, daily).  The goal is not to have some super long impossible to guess password (they aren't guessing it anyway) but to change it often enough that if it gets harvested it's changed BEFORE they get a chance to use it.
Re: Argh spam sent from my email address, hacked? hacked23 5/14/10 9:28 AM
For the recent people who had hacking issues, are you logging in via a mobile device?   For me, the spam emails were sent from my gmail account immediately after I logged into my gmail from my iphone.

I went to log in to my gmail again this morning on my iphone and also was prompted to enter my username/password again.   I just recently entered my username/login and usually those settings stick for a while.   I did not enter my credentials this morning and will not be logging into gmail via a mobile device anytime soon.
Re: Argh spam sent from my email address, hacked? Quikzilver 5/18/10 6:25 PM
I don't have a pc or laptop and I still got hacked or whatever they call it.  I do have a moto cliq with all my emails on it.  That being hotmail, yahoo, and two gmail accounts. Guess which two accounts sent out mass emails to my contacts.  Yeap the gmail ones.
Re: Argh spam sent from my email address, hacked? Bob65 5/20/10 4:19 PM
Same story here. 9:19 AM est this morning ip China (115.49.33.237) accessed my account and at the same time sent out two emails with 2 names and 10 names from my contacts.
The ip info comes from the activity info and the email info from my sent folder.
This was A Gift subject line email which contains a web site link www.ssnsn.com
I have changed my password and security question.
Hope this information helps
Re: Argh spam sent from my email address, hacked? RedSoxRobbe 5/20/10 8:21 PM
A friend of mine just had her account hacked. Same situation as several have listed. Email saying "stuck in London - please send money"...
The difference here was that the hacker began to IM contacts of hers that were online using G-Chat.  The hacker stayed online and actually had conversations with some of those he contacted. Luckily for the majority of people who were contacted - the demeanor and language of this individual was nothing like hers. Easy pick off as a hacker. This allowed the entire ordeal to literally last for a mere 2-3 hours before Google replied based on the MASSIVE security recovery form, shut down the acct. and allowed her to get back in and change everything.

What I can't seem to understand here is that the choices should somewhat be up to us - the consumer...

My take on this:

Google - you can't waltz into the Google IO and talk about Google TV and the future of Google Apps when they can't even securely lock the front door.

1) If we want Multi-Factor Authentication - then let us pay for it and get it set up. It's not the end-all for security - but when faced with a list of potential targets and a hacker runs into some multi-factor authentication - they may move on to the next easy target. World of Warcraft even uses multi-factor authentication with a keychain key generator you can buy for $6.50. Sure - it could still be hacked (and has) but give the hacker roughly a 30 second window to log onto your account and change it before the stolen authenticator number expires. Then the process has to occur again - completely new number. With easier targets and the potential for discovery being HIGH - they may move on (unless you're Paris Hilton). Heck - Google LOVES to splash their logo on everything - splash it on a Keychain or CreditCard Authenticator and now they have more free advertising. 

2) Once an account is locked out, the methods to get it locked down are distant at best. The HUGE red flag that Google should consider (easy fix here), is that the recovery email address should NOT be allowed to be changed simultaneous to the password. FLAG! Instead, if the password is to be changed, then give the user the choice to determine how. A) Recovery Email, B) Mobile C) Ridiculous Question D) Multi-Factor Authentication - Also - place a time span between when the two combined can be changed.

3) Allow users to opt in for an alert ANY time a password (or Google Account Info) is attempted to be made (I remember this in the early 2000's from some site!). Alert could be set up as the user required (simple rules). 1) Password change requested 2) Password Change Placed on Hold 3) Alert Sent (alternative email, mobile, land-line, carrier pigeon?) 4) Authentication code (selected once - and NOT maintained in the Googleplex) used 5) Password Changed. Seems crazy? Read the previous 7 pages of posts to reveal that the time has come. Make the alerts Ala-Cart so the USER can decide how often they want to be bugged about changes.

4) IP filtering... Let the user set up an area/range that they plan to connect from. - Google Field: Log-In Location/Area? It's pretty easy to determine the region or city http://www.find-ip-address.org/  If the accepted region is not on the user's list - NO ACCESS!  If they plan travel - change the region/city. A single IP that comes from outside the range should a) lock outgoing mail and ability to view mail at a minimum b) lock the whole account down until verification can be obtained. (again - let the user decide how they want to be inconvenienced). In light of the many recent hacks - many would give up some freedom for the added layers of security.

There are two aspects to the simple kind of security we're talking here.
a) Locking the Front
b) Setting up the burglar alarm

Right now the alarm does not seem to be armed, and while the front door is locked - the windows are all open!

I see lots of posts pointing fingers - but let's help solve the problem here - there are FAR more intelligent users of Gmail/Google than there are developers who have been assigned to tackle this problem. =) Let's hear some more ideas!

/r
Re: Argh spam sent from my email address, hacked? Kelemvor 5/21/10 4:52 AM
One very easy solution would be to simply let me specify IP ranges that my account can be accessed from.  If I'm in the US and only use a connection at home and at work, let me specify those numbers.  Then anyone using an alternate IP wouldn't be able to get in no matter what.

Or even do a more general thing and only let IPs from the same country access it.  That would at least help in the short term as well.

Seems pretty simple to me but something needs to be done.
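The IP and country restriction proposed in the two posts above, as an added example that is not part of the original thread and not a Gmail feature: it parses rows shaped like the "Last account activity" lines quoted earlier in the thread and applies a user-chosen policy to each. The `Policy` fields, the decision names and the sample rows (documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Row shape modelled on lines quoted in the thread, e.g.
#   "IMAP United States (CA) (a.b.c.d) May 8 (2 days ago)"
ROW = re.compile(
    r"^(?P<access>Browser|Mobile|IMAP|POP3|SMTP)\s+"
    r"(?P<location>.+?)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+"
    r"(?P<when>.+)$"
)
STATE_SUFFIX = re.compile(r"\s*\([A-Z]{2}\)$")  # trailing "(CA)" style region

# Constructed sample data; addresses come from the RFC 5737 documentation ranges.
SAMPLE_ACTIVITY = """\
Browser United States (CA) (192.0.2.17) 9:02 am (0 minutes ago)
Mobile Romania (203.0.113.141) May 9 (1 day ago)
IMAP United States (TX) (198.51.100.23) May 8 (2 days ago)
Mobile Chile (203.0.113.226) Apr 27 (12 days ago)
garbled row without an address
"""


@dataclass
class Policy:
    networks: list                                # ranges the owner connects from
    countries: set = field(default_factory=set)   # looser fallback by country
    on_violation: str = "lock_account"            # or "lock_outgoing_mail"


def parse_row(line: str):
    """Return a dict for a well-formed activity row, or None."""
    m = ROW.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:            # e.g. an octet above 255
        return None
    country = STATE_SUFFIX.sub("", m["location"])
    return {"access": m["access"], "country": country, "ip": ip, "when": m["when"]}


def decide(row: dict, policy: Policy) -> str:
    if any(row["ip"] in net for net in policy.networks):
        return "allow"            # strict rule: a listed home/work range
    if row["country"] in policy.countries:
        return "allow_country"    # looser rule: same country only
    return policy.on_violation    # the owner chose how hard to lock


def review(activity_text: str, policy: Policy) -> list:
    """Pair every non-empty line with a decision; unparsed rows are surfaced."""
    results = []
    for line in activity_text.splitlines():
        if not line.strip():
            continue
        row = parse_row(line)
        results.append((line.strip(), decide(row, policy) if row else "unparsed"))
    return results


if __name__ == "__main__":
    policy = Policy(
        networks=[ipaddress.ip_network("192.0.2.0/24")],
        countries={"United States"},
        on_violation="lock_outgoing_mail",
    )
    for line, decision in review(SAMPLE_ACTIVITY, policy):
        print(f"{decision:20} {line}")
```

A network-only policy also rejects the owner's own phone whenever the carrier hands out an address outside the listed ranges, which is why the country fallback is a separate, weaker decision.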
Re: Argh spam sent from my email address, hacked? gdunaway 5/22/10 1:53 AM
I was hacked by "The gift" message. It first appeared as a text message on my iphone. Apparently sent about 500 messages before shutting down.


Re: Argh spam sent from my email address, hacked? lux_orange 5/22/10 8:56 PM
I've been targeted with the "teary eyed and robbed in London" (:) scheme. My account was being accessed from Nigeria through the web interface. I guess my answers to the recovery questionnaire were spot on so I've been lucky enough to retrieve my account within 30 mins.

Anyhow, I've scoured my systems for malware and viruses with nothing showing up - as many others have reported here. As bkc56 has pointed out, this probably is not related to malware / viruses on our machines.

The distressing thing is this: I don't know what I could have done differently to avoid this thing 100%. Sure, I will stop using a master password, even if a very strong one. And sure, will start using a unique and very strong one for GMail. And I will be more cautious with public WiFi, even if I cannot understand why; since gmail is now by default on https.

But since the "leak" source is not clear; I second many of the pre-emptive solutions that RedSoxRobbe has listed above. There should be work arounds and safeguards even at the expense of end-user convenience...

To chip in to the "how does it happen" brainstorm... OK. What have I done in the past week? Well, for example, I have created two new accounts on two different pro audio forums. I've used my GMail account, my typical forum nick, and my (now obsolete) master password that was key to GMail as well. Now is there a chance that some guys out there are crawling for forum user creation routines to snatch credentials? If that is the case, I am sure many forums are less secure vis-a-vis GMail. Could they do that?

Anyways, I really second RedSoxRobbe's suggestions. I think Google should start seriously considering solutions that pre-emptively safeguard accounts.
Re: Argh spam sent from my email address, hacked? Mike CH. 5/25/10 7:49 AM
Hi guys,

Just to repeat things mentioned earlier in this mega-thread:

Yes we know it's happening, that it's distressing, and that we're not good enough at stopping enough hijacking right now. No excuses for that - the extremely sudden growth in hijacking took us by surprise, and we can't implement all the needed solutions immediately.

That said, I think RedSoxRobbe's suggestions are excellent and in fact we've discussed all of them in the team some time ago. Some of them we're working on already, others have issues but there are alternatives which will accomplish the same thing.

If you keep an eye on the Gmail Blog, you will see when we make announcements about improvements to our hijacking protections.

As to immediate solutions you can use: right now the best way to avoid it happening again is to follow the advice from bkc56 - changing your Gmail password regularly is an excellent idea. It does not need to be a great password change - simply incrementing a number onto the end of the password is going to be enough to stop these guys as they don't guess passwords, they steal them. Other things are to avoid potential sources of virus infection like pirated software/movies/etc and uninstall software you don't use. You can read some recent news on one way people get viruses here:


In particular note the software that is being discussed in that article and if you have those programs installed, evaluate if you really need to.

Hope that helps.
Re: Argh spam sent from my email address, hacked? greifj 5/25/10 1:37 PM
exact same thing happened to me this morning as happened to Obi-Wan:

"My account sent 100s of e-mails with a single URL in the body, no subject  (http://*.angelfire.com/).  The e-mail appears to have attempted the entire list of accounts I have ever sent an e-mail to.  Many of those accounts are no longer active, so I got about 170 or so bounce backs. "


this has never happened to my account before...if there's any info that i could supply that would keep this from happening, please let me know.
Re: Argh spam sent from my email address, hacked? Obi-Wan 5/25/10 3:59 PM
greifj:

Password change is the ticket.  Seems like a pain, but it is a very good security practice anyway.  The key is to not let your account password get stale (or old).  For ALL of your internet accounts....

As mentioned by others, this likely comes from stolen passwords, not "guessed" or "hacked", rather your password (and account) is "hijacked".

Simple password change stops it because the hijacker does not have your new password....

Then to remain vigilant, change your password more often (in-case your password gets stolen/hijacked again).

+1 for RedSoxRobbe.  Same things discussed amongst peers here as well.
Re: Argh spam sent from my email address, hacked? squilk 5/27/10 4:18 AM
Something that would help very much (I am having a somewhat similar issue, a suspiciously changed password) would be more security monitoring features for the user.

An access log would be one thing: what IPs have done what.  Password changes.  Numbers of failed logins could tell if someone was hammering your account.

According to Eric Schmidt, those who have nothing to hide have nothing to fear.  Why not allow the users of your otherwise excellent services to have access to the information they need to make informed judgements about security compromise?
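Added example (not part of any post in this thread, and not Gmail's actual logging or filtering): a Python sketch of the two ideas raised above, Kelemvor's user-defined IP ranges and squilk's per-account access log with failed-login counts. The log format, event names, addresses and thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample log (assumed format: timestamp, source IP, event).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2010-05-20T08:01:12Z 198.51.100.23 login_ok
2010-05-20T12:30:45Z 192.0.2.77 login_ok
2010-05-21T01:38:10Z 203.0.113.9 login_failed
2010-05-21T01:38:40Z 203.0.113.9 login_failed
2010-05-21T01:39:05Z 203.0.113.9 login_failed
2010-05-21T01:40:02Z 203.0.113.9 login_ok
2010-05-21T01:40:30Z 203.0.113.9 password_change
2010-05-21T01:41:00Z 203.0.113.9 mail_sent
not a timestamped log line
2010-05-21T09:00:00Z 198.51.100.23 login_ok
"""

# Hypothetical user-supplied ranges: "home" and "work".
ALLOWED_RANGES = ["198.51.100.0/24", "192.0.2.64/26"]

# Events that matter when they come from an unexpected network.
SENSITIVE = {"login_ok", "password_change", "mail_sent"}
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


class Event(NamedTuple):
    when: datetime
    ip: object          # ipaddress.IPv4Address or IPv6Address
    action: str


def parse_log(text):
    """Return (events, rejected_line_numbers); malformed lines are skipped."""
    events, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        try:
            when_s, ip_s, action = parts          # wrong field count -> ValueError
            events.append(Event(datetime.strptime(when_s, TS_FORMAT),
                                ipaddress.ip_address(ip_s), action))
        except ValueError:
            rejected.append(lineno)
    return events, rejected


def review(events, allowed_ranges, max_failures=3,
           window=timedelta(minutes=10)):
    """Flag sensitive events from outside the allowed ranges and bursts of
    failed logins from one address inside a sliding time window."""
    networks = [ipaddress.ip_network(r) for r in allowed_ranges]
    recent_failures = defaultdict(deque)   # ip -> timestamps of recent failures
    burst_reported = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e.when):
        # Membership is False when IP version and network version differ.
        inside = any(ev.ip in net for net in networks)
        if ev.action in SENSITIVE and not inside:
            alerts.append(("outside_allowlist", str(ev.ip), ev.action))
        if ev.action == "login_failed":
            q = recent_failures[ev.ip]
            q.append(ev.when)
            while ev.when - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= max_failures and ev.ip not in burst_reported:
                burst_reported.add(ev.ip)
                alerts.append(("failed_login_burst", str(ev.ip),
                               f"{len(q)} failures"))
    return alerts


if __name__ == "__main__":
    parsed, bad_lines = parse_log(SAMPLE_LOG)
    print("skipped lines:", bad_lines)
    for alert in review(parsed, ALLOWED_RANGES):
        print(alert)
```

The sketch only reports; whether an out-of-range event should block access, lock outgoing mail or just raise an alert is the policy choice the posts above leave to the user.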
Re: Argh spam sent from my email address, hacked? Craig in NJ 5/28/10 9:06 AM
FYI -- I have seen many people affected in the same way on all major email providers (gmail, yahoo mail, msn, aol).  All have used their antivirus and antispyware, usually best-in-class software, and none has 'found' an infection, and their problem usually returns as soon as the next day or a month later.
 
Because of this I suspect the problem may be browser hijacking.  This could include a browser plug-in, altered start page setting, altered 'hosts' file setting, altered proxy setting, or even altered 'page not found' redirection.  These kinds of things might not be detectable by antivirus/antispyware programs because they aren't really programs.  They never need to really know your password because they can simply hijack your browser to access your webmail since most people don't "log out" of their webmail like they would on a public computer because they assume nobody can control their own PC's web browser.  If browser hijacking is the cause, you may have to not only change your password but simultaneously fix all the places that the 'infection' could lurk without being detected and maybe even disable scripting (javascript, activeX).
 
Unfortunately, I have searched for hours and have been unable to find the magic key words to google for a web article that knows for sure the root causes and cures.  (It's hard to google for something when the symptom is a message with no subject and just a changing URL in the body -- there's no specific word or unique consistent string of characters that can serve as a unique key word for Googling to jump to specific articles that answer the problem.)  Maybe someone else will have better luck.
 
Craig in NJ
Re: Argh spam sent from my email address, hacked? lux_orange 5/29/10 9:55 PM
Well, if this is about account hijacking through the browser; or even if that is a very likely scenario, does it not make sense to stop using the webmail interface? As much as I would hate doing that (I don't think any desktop e-mail client matches the speed and convenience of the GMail web interface), maybe reading mail locally is a safer option? 

So if that is the case, would the safer option be POP or IMAP when accessing GMail servers from an e-mail client instead of a browser?
Re: Argh spam sent from my email address, hacked? bkc56 5/29/10 10:16 PM
Well, if this is about account hijacking through the browser...

I don't think browser hijacking is any more of a risk than any of the other password harvesting methods.  With proper anti-virus and anti-adware/malware scans of your computer the threat is much lower.

...would the safer option be POP or IMAP...

If I was going to pick, I'd use POP because that's a download-only protocol.  You can't send spam or do other damage to the account with POP.

That said, I still use the web-interface exclusively.
Re: Argh spam sent from my email address, hacked? lux_orange 5/30/10 12:09 AM
I don't think browser hijacking is any more of a risk than any of the other password harvesting methods. With proper anti-virus and anti-adware/malware scans of your computer the threat is much lower.

Here is the problem, though. What are the other harvesting methods? I mean, really, after this hijacking happened to me, I ran all the scans; zilch, nada. So if there is not an ultra-super-genius cross-platform (I'm on a mac) new keylogging trojan or something of that sort; what is it? Just how do these guys harvest these passwords in a fashion where they have cross-platform access to many web services along with GMail and on all client-side browser and OS platforms. To my mind, the pervasiveness of the access hints at a server-side compromise. You guys have repeatedly stated that you don't believe there is any problem with the security of your cloud services. So no virus/spyware/malware on the client side + no problem on the server side. So just how is it that the passwords are being harvested? It's as if there has been a leak from the NSA or something! Or the Google signature servers have been very quietly sabotaged from the inside along with Yahoo et al! You see when you have double and triple checked your services, and we the clients have done the same to find that our client systems have not been compromised either; the mind starts spinning conspiracy theories... 

If I was going to pick, I'd use POP because that's a download-only protocol. 

What interests me is; if I revert to a desktop e-mail client with POP access; will I lower the risk of being hijacked again? That is the main issue for me. Otherwise I would actually hate going back to desktop based e-mail!
Re: Argh spam sent from my email address, hacked? bkc56 5/30/10 7:56 AM
Let me start by saying that I have no insider information.  These are opinions based on lots of stuff over the years.  That said:

will I lower the risk of being hijacked again?

Probably not because I don't think that's a main password harvesting vector


What are the other harvesting methods?


The following is not a complete list, but I think it covers many of the common vectors used.  This is actually updated from the copies I've posted before.

Hacking Methods
There are many ways an account can be compromised/hacked.  A few (but by no means all) of the common ones follow somewhat in order of frequency used:

Phishing

 * Requesting (often with threats of closing an account) a user to provide login/password information by return e-mail or by redirecting to a web-site that masks itself as legitimate.
 * Never respond to an e-mail that requests your login:password.  Never follow a link that doesn't go to a known url (for example:  http:\\gmail.google.com\ is NOT the same as http:\\gmail.google.com.junk.ru\).  Be aware that the url printed in the message may not be where the link actually goes so verify before you click.
 - Phishing:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8253
 - Reporting:  https://mail.google.com/support/bin/answer.py?hl=en&answer=29381
 - Scams: http://mail.google.com/support/bin/answer.py?hl=en&answer=29380
Common password usage
 * Using the same password for multiple accounts so if someone breaks into one (like Facebook) they can get into others.  Getting access to an e-mail account can often lead them to Paypal, Ebay, YouTube and many other accounts.
 * Make sure you use a unique password for every site where you have an account.  Especially critical for financial sites, or sites with links to other accounts (like social networking or e-mail sites).
 - Changing passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=6567
 - Selecting passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=29409
Linked accounts
* Related to the above in that one account has information leading to other accounts.  If they gain access then they know about the other accounts too.  This is hard to protect against when a forum or social networking site requires an e-mail address (if they break into the one site, look at your settings, they know your e-mail address too).
* Do not store login:password information in an e-mail account where it can be accessed should the account be compromised.  Also consider a "junk" e-mail address for all forum/web-site registrations so it does not lead back to your primary account.
Failing to log out
 * Failing to close your account on a computer that others have access to (like at work, school, or library) so that anyone else can access your account.
 * Always close your account when you walk away from your computer (even at home for some people).
 - Sign out:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8154
Browser auto-fill enabled
 * Like the above, having the browser configured to enter your login/password automatically so anyone using the computer can gain access to your account.
 * Never use the browser's auto-fill capabilities unless you're on a 100% private, secure, and trusted computer.
 - Clear saved data:  http://mail.google.com/support/bin/answer.py?hl=en&answer=12095
Keylogger
 * Any computer accessible by others can have a keylogger installed which will capture your login/password for any site you visit.
 * Never log into your account on a public computer (like at a library) and be very cautious using any computer that others have access to (like at work or school).
Trojan/Virus/Malware
 * While not strictly used to steal an account, could do damage to your account or use it to send spam while you're logged in.
 * Always keep virus scanners enabled, and using up-to-date definition files.  Regular use of adware/malware type scanners is good too.
 - Virus protection:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8493
 - Anti-virus scanning:  http://mail.google.com/support/bin/answer.py?hl=en&answer=25760
Browser Hijacking
 * Virus-like modifications made to your browser that modify its behavior or track browsing activity.
 * Typically not identified by anti-virus software and requires more specialized anti-malware/adware scanners to detect and remove.
 - Additional information:  http://www.2-spyware.com/browser-hijackers-removal
Password guessing
 * A brute-force method of guessing someone's password, made easier if they know you in real-life, especially if you use a weak password (like a kid's or spouse's name).
 * Follow standard password generation safeguards:  no common words or proper names, no patterns (1234 or qwerty), use mixed case and include numbers or punctuation, etc.
 - Strong passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=29409
Server attack
 * When someone compromises a company's server gaining access to account or private information for a large number of users.  This is typically seen in large identity-theft cases.
 * Nothing you can really do about this except deal with only reputable companies with good privacy policies.
Network packet capture
 * Using software or hardware on wireless or free hot-spot networks to capture information.  Pretty rare, but still possible for non-encrypted networks.
 * Very little you can do about this except avoid using any unsecured wireless networks.
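Added example (not part of the post above, and not a Google tool): a Python sketch of the link check described under "Phishing", comparing where a link really goes with what its text shows and catching hosts such as gmail.google.com.junk.ru that merely begin with a known name. It goes slightly beyond the post by also flagging a trusted name placed in the userinfo part of a URL; the trusted-domain list and the sample message are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader actually means to visit.
TRUSTED_DOMAINS = ("google.com",)

# Constructed sample message body.
SAMPLE_HTML = """
<p>Your account will be closed. Verify now:</p>
<a href="http://gmail.google.com.junk.ru/login">http://gmail.google.com/</a>
<a href="https://mail.google.com/support/">Help center</a>
<a href="http://mail.google.com@198.51.100.7/">Sign in</a>
<a href="http://example.net/offer">https://mail.google.com/</a>
"""


def split_url(url):
    """Return (lower-case host, has_userinfo) for a URL or bare host name."""
    url = url.strip().replace("\\", "/")   # browsers treat \\ like // in URLs
    if "://" not in url:
        url = "http://" + url
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        return host, parts.username is not None
    except ValueError:                      # e.g. malformed IPv6 brackets
        return "", False


def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_link(href, text):
    """Return the list of reasons a link is deceptive (empty if none)."""
    if href.lower().startswith(("mailto:", "tel:", "#")):
        return []
    host, has_userinfo = split_url(href)
    if is_trusted(host):
        return []
    reasons = []
    # Trusted name appears as labels inside a host registered elsewhere.
    padded = "." + host + "."
    if any("." + d + "." in padded for d in TRUSTED_DOMAINS):
        reasons.append("lookalike-host")
    # Everything before '@' is userinfo, not the host.
    if has_userinfo:
        reasons.append("userinfo-before-host")
    # Link text that looks like a trusted URL while the href goes elsewhere.
    if text and " " not in text and "." in text:
        shown_host, _ = split_url(text)
        if is_trusted(shown_host):
            reasons.append("text-href-mismatch")
    return reasons


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html):
    """Return (href, text, reasons) for each deceptive link in an HTML body."""
    collector = _LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        reasons = classify_link(href, text)
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML):
        print(finding)
```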

Re: Argh spam sent from my email address, hacked? heniper 5/30/10 6:53 PM
2-3 weeks ago I received an alert from gmail that my account has been accessed from the US though I am in Asia.  I decided to change my password.  Is that enough?

Then just this morning I received a mail that is quite suspicious to me thus hoping for you to clarify if it really came from gmail since it is asking for my account information.  Does Gmail really do that?

This is the message:

realgmailacctownerverizona team <gogllemailde...@gmail.com>
to
date: Mon, May 31, 2010 at 1:17 AM
subject: Your Details
mailed-by: hotmail.com

As a result of malicious activities encountered by Google database systems, Google team want to upgrade the database systems. We therefore require you to verify your account with the details below in order not to lose your account permanently. If you are still interested in using our webmail services, please provide us with the full details below for proper verification.

 

Full Name-                    
Password-
Phone Number-
Country-

Thanks for using Gmail!!!


Re: Argh spam sent from my email address, hacked? bkc56 5/30/10 11:58 PM
heniper,

It's a phishing scam trying to steal your account.

Phishing scams include e-mails that request your login:password information, or links to fake web-sites that ask for your login:password.  For web-sites, the printed link may look valid but the actual link could go someplace different.

You can ignore it, use the drop-down menu next to reply to "Report Phishing", or use the following form:  http://mail.google.com/support/bin/request.py?contact_type=abuse_phishing

Note:  a simple forum search would have turned up dozens of posts about this same e-mail.  Search is your friend.


For more information see: 
Messages asking for personal information:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8253
Avoiding Scams:  http://mail.google.com/support/bin/answer.py?hl=en&answer=29380
Reporting suspicious messages:  http://mail.google.com/support/bin/answer.py?hl=en&answer=29381
Re: Argh spam sent from my email address, hacked? lux_orange 6/1/10 12:20 PM
Hey bkc56 - I think what you have listed as possible vectors is a nice list for reference.

That said, I honestly don't see myself having fallen for any of the listed traps. And as I mentioned before virus/malware scans turned up nothing. As a rule I know that no serious service provider ever asks for credentials over e-mail so I disregard such requests right away. My "faulty" behavior was using a common password even if a strong one. Mind you that I do not use Facebook, Twitter, MySpace or other social networking sites. My common password was servicing Gmail, some online forums that I rarely post on, and lots of retail / commercial services logins.

So unless I was tricked into logging into Gmail (or other site) through something other than the native Gmail (or other) login screen and pipelined back into Gmail (or other site) while my credentials were being snatched, I don't see how I might have given away my strong password. Could this have been an option? I thought of this option because now I remember Safari spitting out a couple of warnings about the security certificate while I was logging on to Gmail. I ignored those thinking Safari was acting stupid, trusting Gmail. But could that have had something to do with the hijacking? 

In any case, to minimize tracking exposure, I decided to use Chrome as an exclusive Gmail client. I will not use it for any other purpose so there should not be an accumulation of foreign tracking cookies etc. But oddly, Chrome is showing a warning sign on the address bar of Gmail. It says that the certificate is valid and there is 128 bit encryption but adds "However, this page includes other resources which" and then I can't read any further! What to make of this?

Finally, let me make sure that I am not trying to bash / attack / push blame etc. I am trying to be constructive and get to the bottom of this problem while being honest about what I do not think could have happened. 

Cheers.
Re: Argh spam sent from my email address, hacked? bkc56 6/1/10 1:43 PM
Yes, it's possible you hit a fake site at some point.  Fact is, most people will never know how they got harvested because, by definition, a successful harvesting is one where the user doesn't know it happened so they don't go change their password.

This is even more true for phishing.  I figure a lot of people get their password harvested by phishing and they never realize it happened.  "I never respond to phishing attempts".  Well of course not, no one does.  It's the one you didn't realize was phishing that got you.
Re: Argh spam sent from my email address, hacked? lux_orange 6/1/10 2:01 PM
Yeah well, the idea that, it is even possible that one could be screwed over while trying to log on to Gmail is very disappointing and frightening. So you just confirmed the possibility that some hacker out there could have:

1) Taken over my request for www.gmail.com
2) Showed me either the real Google log-in page or something very akin to it that I didn't realize it was fake,
3) Snatched my credentials while at the same time pushing them on to the real Google service,
4) Let me log on to the real thing afterwards.

So you're saying that this is possible ha!

And also, I will maintain that I haven't fallen for any trivial phishing attempt unless it was something as elaborate and "seamless" as what I outlined above. As much as you would like to innately protect Google's ground by pointing the arrows towards unsuspecting users that have been had, I would like to maintain my ground and insist that I have not fallen for any "please send us your credentials" type attempt!
Re: Argh spam sent from my email address, hacked? bkc56 6/1/10 2:45 PM
So you're saying that this is possible ha!

With browser hijacking, yes.  But that's an incursion of your computer.  If your computer is breached, then all bets are off.  This includes both a programmatic breach (virus, malware, adware, keylogger, etc) or a physical breach (leaving it logged in someplace where others can access it).

... I would like to maintain my ground and insist that I have not fallen for any "please send us your credentials" type attempt!

No need to get defensive.  I wasn't saying YOU had, but that it's a lot more common than people want to believe.
Re: Argh spam sent from my email address, hacked? lux_orange 6/1/10 3:19 PM
With browser hijacking, yes.  But that's an incursion of your computer.  If your computer is breached, then all bets are off.  This includes both a programmatic breach (virus, malware, adware, keylogger, etc) or a physical breach (leaving it logged in someplace where others can access it).

We are running around in circles. To this, you know that I will repeat that I haven't found any programmatic breach on my computers and haven't left my open session lying around on a public computer etc. You know the drill. This back and forth seems inevitable for some reason and is not helping. 

In my previous posts I asked about "forum credentials crawlers" and the Safari (and Chrome) warning about the Gmail security certificate. No comments on those?  

At this point I am still scratching my head. Because I still can't make sense of the attack I received - still don't know what I might have done better except for "change password every week". But that does not seem to address the issue fully either. I, and I believe even you guys don't know what exactly causes these massive hijackings. That is why I am raising some ideas from my own experience like the forum crawler thing or the Safari security warning. I do this because I don't see what could have compromised my security in the list you provided. And I don't have anything else but my own computing experience to refer back to.

It's such a nasty feeling, not knowing how you've been compromised! So yeah no need to get defensive, but also no need to accept something I don't think I've done. But again, at this point this does not seem to help.
Re: Argh spam sent from my email address, hacked? bkc56 6/1/10 3:35 PM
No comments on those?

Don't know enough about them to comment.

...you guys...

I'm not sure what "guys" you're talking about, but realize that I don't work for Google nor even play a Google employee on TV.  I have no idea what "those guys" know about all this stuff, but I'll bet a lot more than I do.

Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 6/1/10 5:06 PM
A recent example of a type of phishing is this... let's say site "A" is "infected"... let's say site "A" is a news site, showing you an interesting article you opened and plan on reading later. Site "A" is open in a tab, but this tab is not currently the active tab.

While still an inactive tab, site "A" (due to infection) changes the favicon for that tab to the Gmail favicon, then loads (in place of site "A") a page which looks EXACTLY like the Gmail login page, claiming your session has timed out and requires login.

What a user would see is:

1) A tab in the browser.
2) The tab's favicon shows the usual Gmail icon.
3) Switching to the tab shows the familiar Gmail login page.

If you think too quickly and often have Gmail open in the background for various reasons, you're likely to see this tab... switch to it... see that the Gmail session has timed out or is requiring your login... then type in your credentials quickly and wham, you've been hit.

This is yet another variant on the same old tricks.

Re: Argh spam sent from my email address, hacked? lux_orange 6/1/10 5:41 PM
RE: bkc56. So you're here responding to all of these questions and issues with no strings attached to Google and of your own free will? Impressive if that is the case and apologies are in order... 
Re: Argh spam sent from my email address, hacked? bkc56 6/1/10 8:32 PM
lux_orange, everyone on this forum who isn't identified as a "Google employee" is just a volunteer trying to help others who are having problems.  "Top contributors" are simply people who have been here longer trying to help more people.  Sometimes people will even be appreciative when they're stuck and someone makes a suggestion that actually works for them.
Re: Argh spam sent from my email address, hacked? lux_orange 6/2/10 1:42 AM
bkc56. cool. well, it seems you have picked for yourself the tough cookie that is hijacking and the related security issues. and that while Google itself is not able to respond with any certainty to this issue...good luck with that. 
Re: Argh spam sent from my email address, hacked? andy-uk 6/6/10 6:14 AM
This has just happened to me as well, account accessed from Indonesia last night at 1:40am and spam sent to all my contacts.  The email itself was the Canadian Health Care Mall one that many other people have been seeing.  I'm pretty careful about security, only browse with Chrome, keep OS up to date, always use anti virus, etc.  I do use Android and wondered if this could have been the cause, especially since it was the Mobile interface that was used.

At the moment I'm guessing the most likely cause was that my password was not unique to google and I had used the same password on other sites and one of those has been compromised.  The password itself was reasonably good, i.e. not a dictionary word, so I doubt it's just been brute forced.

Although at the same time this doesn't seem to explain the large numbers of users who are experiencing this problem.
Re: Argh spam sent from my email address, hacked? JohnW2 6/6/10 7:59 AM
Very few users will have the courage that you've had to admit that their password was not unique to Gmail, in spite of our pleading with people to make it so.
Since it is your only security feature, it really is important to make that security as robust as possible - and that's best achieved by making it unique.

I also try to encourage users to use Gmail Backup - a non-Google program - to keep a full backup of all their message data on their own hardware. This would enable them to restore their messages in the event that they get wiped out. An Exported copy of the Contact data saved to the same place would also serve users well if their Contacts were wiped out. And since it doesn't actually cost anything (apart from the cost of any storage hardware) it would seem to be a good investment!!
Re: Argh spam sent from my email address, hacked? Mike CH. 6/7/10 9:43 AM
andy-uk, from what I can see of your account we should have blocked nearly all the spam. You may have received a lot of bounces as we prevented the mail from going out. Did your contacts get in touch to say you spammed them? If so, were there many?

Re: Argh spam sent from my email address, hacked? andy-uk 6/7/10 1:02 PM
Hi Mike,
By tracing through the sent emails + the bounces I was able to establish that only 3 real people actually got spam (all of them friends, rather than work contacts) nobody has mentioned that I spammed them so I'm guessing that their spam filters blocked the emails.
I was actually quite impressed that google stopped about 90% of the emails from going out and locked down my account within 3 mins of it starting, I suppose I've got that to be thankful for!

Re: Argh spam sent from my email address, hacked? RedSoxRobbe 6/8/10 8:44 PM
I've noticed since December - there is a flood of videos on YouTube showing email accounts getting hacked.

<SPOILER ALERT - THESE MAY CAUSE YOU TO DELETE YOUR ACCOUNTS ASAP>

Server Decryption:

Brute Force:

Interestingly enough - many of the posters here - have reported not being side-railed by Phishing Scams, Changing Strong Passwords Regularly, and avoiding situations where they could have been compromised. How else is this happening then? The videos do create the 'illusion' that seems to match the symptoms....

What does Mike CH have to say about these (yes, let's assume the products in these videos are effective Trojan delivery vehicles... But nonetheless - you can't always fall back on Phishing as the excuse)? Does Google store passwords encoded where they can be queried and subsequently decrypted? If that is the case - why are we even arguing here. Time to give up on Gmail, Yahoo, Facebook, Twitter and MSN as all the videos seem to target those services.

/r
Re: Argh spam sent from my email address, hacked? Mike CH. 6/9/10 3:17 AM
Hi RedSoxRobbe,

In the past every such tool we looked at was fake/a virus delivery vehicle. You acknowledge that yourself. But let's take a look anyway.

Four of these are all part of the same traffic pumping scam. As you can see the comments are the same. Clicking the link to download the tools takes you to a standard affiliate scheme called "sharecash". There is no such tool. It's just a trick to make you fill out free ipad surveys, etc. This sort of scam has been going on for a long time - we try to crack down on it on YouTube when we find them. It doesn't have to be gmail hacking tools on offer - pretty much anything people might want badly enough will do. And of course by the time you discover the thing you want is fake, you already completed the task and the spammer got paid. One of them is a variant of the same scheme that additionally goes via a "linkbucks" redirector. The point is to confuse our anti spam systems. It bottoms out at sharecash again.

One, titled "hacking gmail password in 10 seconds" advertises a tool that I downloaded and may look at later, but every single comment on the video claims it either doesn't work or requests a product key. 100% certain it is also a scam of some kind. Certainly if somebody were to build some kind of gmail password cracking tool it wouldn't look anything like the one in the video.

The last video is different - it's not a scam. It's just somebody who doesn't understand how Gmail works. We block attempts to guess lots of passwords for an account. After a few tries we start requiring the user to solve one CAPTCHA per password attempt. His demo video has the correct password in the 4th place in the list, an actual attempt would be incredibly lucky to guess the password after only four tries. Loading a real word list into that program would result in no successes, even if the password was in the list somewhere.

The reason you see videos advertising such tools for every service is that there are no such tools. It's just another scam. Don't fall for it.
Re: Argh spam sent from my email address, hacked? chickenunderwear 6/14/10 3:27 AM
Can anyone help me.

On June 3 my Google home page alerted me that someone accessed my account in Nigeria.  (I am in Brooklyn, NY).

In short, I sent an email to every contact I had saying I was on vacation and in need of help and all my emails were being forwarded to a yahoo account that was not mine.

I was able to fix that,  then my password was changed and so was my recovery address and my reset password question.

Is there any way I can get access to my account back?  My blog, my Picasa photos, my YouTube, my contacts, my AdSense, etc.

I have done this

4 or 5 times a day for 10 days, I keep getting told to try again in a few days.
Re: Argh spam sent from my email address, hacked? bkc56 6/14/10 9:16 AM
chickenunderwear, you've already got a thread over here:

http://www.google.com/support/forum/p/gmail/thread?tid=6fa4e0b1f1aae8cf&hl=en

Cross-posting duplicate threads will not help you at this point.
Re: Argh spam sent from my email address, hacked? shootingsupply 6/28/10 11:34 PM
Not to rewrite what others have said, but this is a Google problem. Not a virus or worm on your computer. I had the spam message sent to all my contacts that were listed in my Google mail account. These were done when my computer wasn't even on. I changed my password and deleted all of my contacts that were on the online mail box (so I thought). Evidently I missed deleting a few of the contacts. The spamming happened again, but only to the contacts I forgot to delete.
I guess all this will continue until Google fixes it. Nothing a user can do except clear your contacts on your online Gmail box.
Re: Argh spam sent from my email address, hacked? bkc56 6/29/10 12:17 AM
Not a virus or worm on your computer.

Very few people have suggested a virus or worm.  What is actually happening is accounts are getting compromised (passwords harvested) and accessed by someone else to send out the spam.  That's why it can happen when your computer is turned off.

In your case (the spamming happening twice) your account was not properly re-secured after the first compromise so someone used it again.  That's not Google's fault.

It may feel good to blame Google for stuff, but I'm afraid that solution will be less than effective at protecting or re-securing an account.
Re: Argh spam sent from my email address, hacked? sallysbitsofclay 6/29/10 5:22 AM
I agree with shootingsupply. I changed my PW immediately and  I cleared my address book and it remains empty. Don't use my google mail for business anymore.
Re: Argh spam sent from my email address, hacked? bells4her 7/2/10 7:03 AM
I had an email sent from my gmail to every one of my contacts, which sucked enough, but now all of my contacts are gone too. Not only that, but I had my gmail synced with my phone (Samsung Moment with Sprint service) and not only are all of my email contacts gone from there but all the phone numbers too. I have gone through and changed my password and my Vacation notification setting (which was set to reply with that same spam message), but now my phone is acting strange too, saying it needs to download new things (radio something?? what??) on top of the fact that I've lost all phone numbers and emails of all my friends and family.
 
This is the email:
Hello
How are you doing recently?
I found a shopping site. The price is cheap, you can use paypal, credit cards. Very convenient. Their website is   www.dicbuy.com
Please take some time to have a check ,there must be something you 'd like to purchase .
Hope you have a good mood in shopping from their company !
Best Regards!!! 
 
It was sent at 4:18 am, Jul 2. Activity on my account shows Access Type: Browser, Location: China (115.49.37.57)
 
There were also some other different geographic locations (I'm in North Carolina) since 6/24/10, such as GA and FL all with IMAP connections, but I don't know if that's just my phone accessing my gmail or what.
 
I guess at this point I need to call Sprint to find out what I might need to do with my phone and if there's any way to get my phone numbers back, but does anyone here have any suggestions other than what has already been said???
 
Thanks......
Re: Argh spam sent from my email address, hacked? KBFitz 7/4/10 1:59 PM
Stick with it gmac. I see from another thread you started that you're on your 3rd attempt, but also that your account was actually deleted by the miscreant who had physical access to your machine. If your entire account was indeed deleted (rather than simply having your password changed), it may not be recoverable. But from my experience, the more detailed you can be about critical recovery information, such as your recovery email address, date you started using gmail and who invited you, the better your chances. It took me three tries too. The Google response took nearly 3x longer to reply to my third attempt (5 hours), perhaps because Google staff needed to evaluate the much more accurate information rather than being rejected by an automated screen. So hang in there -- it's an awful time to be in this predicament--in the middle of a 3-day holiday weekend. But if you've nailed your critical info and your account still exists on the servers, you stand a good chance of getting back the keys to your kingdom. Good luck.
Re: Argh spam sent from my email address, hacked? spfsevent 7/5/10 11:48 PM
Please help me! I got this email and I thought it was Google. Now they're sending email using my name!


Due to the anonymous registration of Gmail accounts so we are shutting down some accounts that are not updated regularly.We are sending you this Email so that you can verify and let us know if you still want to use this account..

User Name: 
Pass word: 
Birth date: 
Country: 
 
Warning!!!! Account details not received within 72hours will be automatically shut down and closed permanently.

- The Gmail Team

Please advise how I can recover that email! I have proof of contacts and email messages. Please help!
Re: Argh spam sent from my email address, hacked? prince.string 7/6/10 10:25 AM
I had an account which was hacked. The thing is when I try to use password recovery page it says account does not exist. But at the same time I'm unable to create another account with the same user name. I mailed Google password recovery option but never got any reply. Any help?? ASAP

I



Please Also Include:
Operating system (e.g. WinXP): 
Program and version you use to access Gmail (e.g. Internet Explorer 7:  chrome
Eset
Re: Argh spam sent from my email address, hacked? bkc56 7/6/10 10:52 AM
The thing is when I try to use password recovery page it says account does not exist.

That often means the hacker deleted the entire account when they were done.  In that case, your only option is the Account Recovery Form, so start using that.
Re: Argh spam sent from my email address, hacked? prince.string 7/6/10 11:01 AM
okies bro using that 3rd time. Let's see if any of you big guys can get another option till then will be doing what you say
Re: Argh spam sent from my email address, hacked? ___Keith___ 7/6/10 9:51 PM
My account was hijacked this morning and used, at least, to start sending spam to people in my address book with a hyperlink to someplace in Russia.

I'm pretty careful.  I do not consider it impossible that I lost my account password - but it's unlikely.  The two things that happened yesterday that were unusual for me are that xmarks updated their add-on in Firefox and I created a public YouTube playlist.  I use gmail from my HTC Hero on Sprint as well.

Google caught the activity and locked-down my account quickly - which is good.  I don't know how I lost it in the first place, which is bad.  Changed passwords, boot-scan all my machines.  Wondering about the consequences of someone having access to all my saved mail, google docs, .... scary
Re: Argh spam sent from my email address, hacked? vickeya 7/10/10 8:51 PM
Just got hacked. Luckily caught it due to a bounced message! I'm in NY. This address was used:
Browser United States (NY) Deleted 11:02 pm (29 minutes ago)
Browser Puerto Rico (24.54.252.71) 10:39 pm (53 minutes ago)
Browser United States (NY) Deleted 10:33 pm (59 minutes ago)
Re: Argh spam sent from my email address, hacked? joshuaeng 7/10/10 10:18 PM
My account was apparently hacked into by someone from Colombia.
They attempted to send out a spam email from my account but it was rejected.
 
How does something like this happen??!
Did they look through my inbox?
HELP PLEASE
Re: Argh spam sent from my email address, hacked? bkc56 7/10/10 10:23 PM
How does something like this happen??!

Take a look at this for some ideas:  http://www.google.com/support/forum/p/gmail/thread?tid=7735f5c368fb648b&hl=en

Did they look through my inbox?

Without knowing more about what happened, it's impossible to guess.  But you might as well assume they did and respond accordingly.
Re: Argh spam sent from my email address, hacked? joshuaeng 7/10/10 10:27 PM
It appears that the email bounced and my account was disabled. I had to be sent a code over my phone to reinstate my account. Does that mean Google caught this, forced the hacker to sign out and bounced the attempted email?
 
I'm positive I didn't give my password in any way and it is not a simple password. Isn't it only logical that there is a security hole somewhere?
 
Based on these forums it appears to happen to a lot of people.
Re: Argh spam sent from my email address, hacked? bkc56 7/10/10 10:57 PM
Does that mean Google caught this...

Yes, the SMS recover method means that your account was compromised, used to send spam, and locked by Google to stop the spam and (hopefully) protect your account from any further damage.


Isn't it only logical that there is a security hole somewhere?

Yes, in some site you visit, or someplace you registered with your e-mail address, or any of the other things listed in that link.  Your password got harvested.  Most people never figure out (or never admit to) how it happened.
Re: Argh spam sent from my email address, hacked? Robearski 7/13/10 9:10 AM
My wife's account was accessed several weeks ago from Germany (we are in the USA).  The red bar popped up telling her this but then went away and we forgot about it.  Then 2 weeks later, her password was changed and the hackers sent out an "I'm stranded send money" scam.
 
I was able to get control of the account again but all of her contacts are gone.  Does anyone know how to get them back?  I thought they were stored on Google's servers so they could be retrieved?  Thanks!
Re: Argh spam sent from my email address, hacked? bkc56 7/13/10 9:48 AM
Does anyone know how to get them back?

Deleted contacts/groups can not be recovered (if by Google's servers, you mean your account, then yes, but once deleted, they're gone).  If you ever used Export to save a copy of your contacts to your local computer you can use Import to restore them.  Otherwise, you'll need to re-create them manually.

I'm afraid forgetting to deal with that red-bar warning turned out to be costly.   :-(
Re: Argh spam sent from my email address, hacked? RedSoxRobbe 7/13/10 10:31 AM

Dear Abused and Seemingly Forgotten Google Community,

I find it interesting that folks are still getting hacked and Google is still not responding with better account controls with the amount of information present in this and many growing posts just like it. The Gmail Blog indicates fluffy new features like "HTML5 features now in Safari", "Rich Signatures", and "Granny's Guide to Video Chat".  But no work or progress in the areas of security? The main Google Blog is no better.

We (the community) have basically listed tons of ways to accomplish this, and have even had an occasional Google employee voice that this might be happening in the background, but the focus is on "Rich Signatures"? For real?

I'm concerned about the future of Google Accounts and the new arenas that are being considered by Google. Google Me, Google Music, Google TV, and Google Games? With these services comes a greater need for security as Gmail accounts will in most cases carry access to financial information. Services that bridge the gap between media (games, movies, music and TV) and our credit cards. Or how about watching cartoons with your children on Google TV, and porn suddenly pops up on the screen as an option YOU DID NOT SELECT as a channel.

For all of those paying attention, this is far beyond your Gmail accounts - this is your global Google presence. Your Digital Worth... For businesses in Google Apps, this is financials, proprietary information, and their livelihood. For all the rest at home, this is as big if not larger than your medical records, social security numbers, and private lives... The world is heading in that direction (All Digital, All the Time), and while you could live on a farm with no electricity in Nebraska, I'd venture to say most will not.

There are many services I would be willing to pay for to secure my Google Account more than what is basically offered, and yet, how many VeriSign/Google initiatives or the like have you heard about? I want to see more talk in Google Forums about security, and more action on Google's part.

I don't want to know you will flash a "red box" that says my account is being accessed in an area I am not in globally, I want Google to allow me to set up as many security hoops as I desire (akin to a slider low - moderate - high) so I can feel confident that while my account may be harder to use by me - it's relatively secure. I'm not sure anyone here can say that they feel confident in Google's security, and I'll bet many are checking their log-in IPs and just waiting for when it could and will happen to them. Why should we help generate revenue for Google and be made to feel potential account disaster is at our doorstep? That's like driving a car with a "check engine" light always on. Something is bound to happen and you don't know when or to what extreme that it will.

Please, all I ask Google to do is focus less on the whip cream and more on the recipe and ingredients.  I love to hear arguments of "Boy, asking a lot from a free service... aren't you?", but folks it is NOT free. We provide data to Google which is in turn used to generate incomprehensible amounts of revenue (ads, services, etc) for Google. Sure it's our choice, but when a company drops 200-300 million dollars to a game company (Zynga) at the drop of a hat, they have to have the money, time, and resources to get this security thing close to right.

We need the below actions and more (ideas that have been talked about by the community for over a year):

1. Multi-Factor Authentication

2. More efficient and effective account lockdown/recovery methods

3. Password and account change alerts (sent to mobile, email, etc - user's choice).

4. IP filtering and location (range) setup

All of which several of us have outlined (as well as many other great ideas) here http://goo.gl/mU3u.

Google, help us to understand that amidst "Granny's Guide to Video Chat", there is a serious side to Google working real security issues and not a simple pop-up bar to show your account was accessed. You've nearly mapped the world's landmasses, the ocean, Mars and the moon. You help monitor national disasters with such accuracy that federal agencies rely on your data to make decisions, and you are helping to bridge the poverty gap in healthcare and education.

please... Please... PLEASE! 

Focus on the security of your customers and patrons! Don't just try to replace Microsoft, Twitter, and Facebook, rise above!

Thanks and looking forward to a substantial response from a Google Employee with Clout...

/r

Re: Argh spam sent from my email address, hacked? bkc56 7/13/10 10:58 AM
RedSoxRobbe, you make a number of good points.  I just want to add/explain a couple things.

First, Google takes account security very seriously and is always working in that area.  But as a general rule they don't talk about it, and they clearly don't provide any details or specifics that would be useful intelligence to the hackers/spammers.

On your point "Multi-Factor Authentication" (and related), we need to keep in mind that the vast majority of users are not very sophisticated and keeping things simple is important.  I can't tell you how many times I've seen posts about "I can't remember my secret question" or "I never set one up" or "my recovery e-mail is no longer valid".  A more complex authentication is just as likely to lock these users out of their accounts as it is to keep hackers out.

Finally, on "More efficient and effective account lockdown/recovery methods" there is visible work being done here.  The recently added system that locks hacked accounts providing an SMS recovery code for users to re-gain access is one visible example.  Increasing the history of IPs in the details link to 10 is another.  As is the new Red-Bar warning that can show up at the top of the Inbox.  Google has also stated they are working on improvements to the recovery process.  This is all stuff being done to improve security.

Google may not be moving as fast as we would all like, but they are clearly NOT standing still while they work on fluff and gadgets.
Re: Argh spam sent from my email address, hacked? basilarchia 7/15/10 3:38 PM
It seems like there are several reports here that are related to phone access. Maybe there are applications on the phone that are written by the spammers? Lots of phone (aka android) applications have access to the contacts. It might make sense to review what phone applications were installed.
Re: Argh spam sent from my email address, hacked? grandmoffspiker 7/16/10 9:25 AM
Browser China (182.114.227.243) 1:52 am (8 hours ago)
Re: Argh spam sent from my email address, hacked? atanu.podder 7/17/10 4:51 AM
I am a victim too, my account activity log shows ...my account was hacked/accessed 7 times in the last couple of days from 'China'!
Re: Argh spam sent from my email address, hacked? Kicker1862 7/19/10 11:18 PM
My account was hacked over the weekend and the same message sent to all my contacts. The red suspicious activity bar is a great innovation! My account was accessed 4 times in two days from various IP addresses in China, most mobile. I don't think that accessing from your phone has in any way compromised security as I mainly access from work and our network is highly secure as we are an ISP. Is it possible that the mail servers were hacked?
Re: Argh spam sent from my email address, hacked? bkc56 7/19/10 11:48 PM
Is it possible that the mail servers were hacked?

Unlikely, or we'd see a huge increase in the number of compromised accounts reported.  And while there are a lot of reports (well it seems like a lot when I try to answer them) it's been pretty steady for several months, no big increases.
Re: Argh spam sent from my email address, hacked? Kicker1862 7/20/10 11:09 PM
By reading the thread, it seems that the link is always the same, www.rictrade.info and the wording is pretty identical. Now I know it's not easy to get the IP link when the account is accessed from a mobile IP address, but has action been taken on the registers of the web domain? Surely the hackers can be traced through the domain?

Re: Argh spam sent from my email address, hacked? RadioJerk 7/30/10 12:37 PM
I, the actual RadioJerk account holder, keep getting undeliverable mail bouncebacks from outgoing spam I didn't knowingly send.  The problem had stopped for a day after I changed the password and also deleted all but 12 of my 300+ contacts ---but now it is happening again. Started on 26 or 27 July 2010.

Note when I changed my password, I changed my send-mail-as-name  to "SPAM_delete_me_UNAUTHORIZED_SEND" but today's bouncebacks are showing pre-change sender name.

I have been shown messages by others who got them and confirmed that messages are indeed going out.   I don't see the messages in SENT MAIL. I just get the bouncebacks in my inbox.  I don't know if that means I'm sending or if they're fake-header-info spams just ripping off my info to fill the "sender" field.

The (thanks for it, Google) account activity info shows use by an IP not on my continent:
115.52.225.60  (Australia).

To all of my contacts and also to unknown craigslist and job site emails, messages like this are bouncing back as undeliverable:


Hey,

My dear friend, What's up?

I find a site to sell electronic products in very nice price. Laptop ,
Cellphone even Motorcycle are very popular. Their products are original
quality with very low price as wholesale business supplier. They also can do
retail business for end user now. Maybe it is suit for your business . If
you like you can contact them : www.fablue.com




Hey,
Mi querido amigo, ¿qué pasa?
Me parece un sitio para vender productos electrónicos en muy buen precio.
Ordenador portátil, teléfono móvil, incluso motocicletas son muy populares.
Sus productos son de calidad original con precio muy bajo como de negocios
de proveedores al por mayor. También pueden hacer negocios al por menor para
el usuario final ahora. Tal vez es juego para su negocio. Si lo desea, puede
contactar con ellos:* www.fablue.com*


- - -

Google, I've been a loyal advocate of G-mail for years ---since the Beta era.

This activity is a massive confidence-breaker.

Please, Google, create:

A kind of SEND FILTER so I can halt outgoing messages with certain characteristics ---like if being sent to more than X recipients, or if certain words I flagged are present, or originates from a certain IP.

An IP BLOCK button in the account activity area.  If I live in the USA and there's activity from Italy, Poland, or Australia, I wish I could do more than just look at the info ---I wish for "block this IP from accessing this account".

I wish I had an option for blocking access to any IP more than X miles from my main IP.  If I could switch that on and off, it would not be a false positive during long distance travel, but if it is a day when I'm home and suddenly Australia connects and tries sending, it is blocked and shut out of the account and I'm notified.

Wish wish wish.






Re: Argh spam sent from my email address, hacked? peterhindrup 8/2/10 8:03 PM
It is possible to find a phone number for Google.  Try the white pages, and it still takes patience, and I suspect, some luck.
I was lucky enough to get access to my account returned to me: non functional and without a contact list!
However I can reconstruct my contact list from the emails.
To those trying to answer the questions GOOD LUCK!  With access to my account, I joined in Feb 2005, I still could not have answered the questions put!
Remember that it is a computer 'checking' the answers. Do not expect it to respond to sarcasm or irony!

Open a new account, there have been some real improvements in the system. However it is not possible to transfer your contact list to the new Google account!

This feature is desperately needed! Also needed is the facility to be able to transfer and download all emails, and the labels list to a new/separate Google account.

Never again will I risk having information/data and contacts housed in the one facility.

Re: Argh spam sent from my email address, hacked? bkc56 8/2/10 10:38 PM
It is possible to find a phone number for Google.

Unfortunately, Google does not offer live support for the free Gmail product (see:  http://mail.google.com/support/bin/request.py?contact_type=contact_policy).


Also needed is the facility to be able to transfer and download all emails

This is why it's important for users to backup their e-mail history and contacts to their computer.  If my account was compromised, I could be fully restored in a new account in a couple hours.  Or, if I could recover the old account, restored there also.

If you have full backups, you can be up-and-running before other people have their first Account Recovery Form rejected.
Re: Argh spam sent from my email address, hacked? csIre 8/3/10 6:54 AM

Just over the last few days, my partner's email was hacked. Exactly as has been described in earlier threads and posts, we had apparently been mugged in London etc. Anyone who sent a reply got an email asking for money to be sent by Western Union (luckily I don’t think anyone actually did this) but they used personal information (children’s names as a way of verification to our friends).

After several attempts to access using Google’s form to retrieve access, it was finally given back to us. While I applaud Google for trying to make things better using the red warning sign, our account was hacked in the middle of the night (2am) and all settings are changed. Password, password recovery email (they set up a Yahoo address in our name) and set up forwarding to Yahoo. All contacts and Inbox mail had been deleted; this is a Gmail account going back to 2004! Nothing visible in Sent items although they hadn’t remembered to empty trash on two responses from our friends.

My partner is obviously concerned as I am about Google’s security and wants to delete all our accounts, including my business use of Google.

My big issue with all of this is that when we looked at the logs, my partner accesses the account from the same country for several years, then suddenly late one evening, it gets accessed from Nigeria (a couple of hours after we have) passwords are changed and a mass email with exactly the same language as has been described in earlier posts (so it’s obviously used a lot) is sent out.

With all the big brains making money for Google with Adsense, targeted marketing etc and the fact that Gmail can tell me when I’ve forgotten to attach something, how is it not possible to block a hack like this??

And after all this, I had to send the form to retrieve access about seven times, with what we considered to be fairly accurate information.. including the obvious giveaway that we hadn’t just moved to Nigeria over the weekend.

Best

 

Re: Argh spam sent from my email address, hacked? Mike CH. 8/8/10 10:18 AM
Hi RedSoxRobbe,

We hear you. I'd like to build on what bkc56 has said about how a project like Gmail works.

The first thing I'd like to clear up is that solving these problems is not simply a matter of money. Believe me, if we could simply buy a solution tomorrow, we'd do it in a heartbeat! 

The Gmail team is large and made up of people with differing skills. The people who made "Gmail for Grannies" are not the same people who are working on hijacking, nor does it really make sense to re-allocate them. The current work being done on hijacking requires certain sets of skills and experience that can't be developed instantly, and most of the work can't be easily split up either. Kind of like how two women can't make a baby twice as fast, adding more people to our hijacking efforts won't necessarily speed them up.

The second thing to be aware of is that many changes to Gmail cannot be made quickly. This is unfortunate but the reality of working on a webmail service with hundreds of millions of users. For example, every change made is reviewed by at minimum one other person, often multiple other people, and complex changes can take many rounds of review. This is because we have to get it right first time, or else risk breaking Gmail for everyone. Many of the features and changes (like rich text signatures) that you see launching have been in the works for some time, whilst the sudden uptick in hijacking we've seen this summer is relatively recent. 

We've been able to make some changes quite rapidly, for instance we're successfully bouncing large amounts of mail advertising Viagra sites from hijacked accounts, and have been doing since a few weeks after this phenomenon started.

Other changes take longer. All of the suggestions you've made for things we should do make total sense. We don't comment on your ideas because we have a policy of not discussing what we are currently working on. Why is that? Well, one reason is that the next question people ask is "when will this be completed?" and that's something we often don't know the answer to. The people doing the hijacking are full time, paid professionals who earn a lot of money from what they do and don't give up easily, which can make figuring out timelines tricky. Another reason is that we don't want to give criminals an unnecessary heads up.

All I can say is that many of us on the Gmail team, including myself, are working like crazy to create real (permanent) solutions to hijacking. Once more of these solutions are live, I'm sure there'll be discussion of them in this forum.
Re: Argh spam sent from my email address, hacked? tommywisconsin 8/11/10 8:53 PM
This isn't a gmail issue. This is happening to people from gmail, yahoo, and hotmail, so it isn't a failing of one particular service. Is there a way to remove this virus?
Re: Argh spam sent from my email address, hacked? SN 8/11/10 10:02 PM
Hi Tommywisconsin,

Inoculation can be found at Gmail 'Help' link specifically at help articles: 'Privacy and Security' 'Spam' and 'Suspicious messages'.
Re: Argh spam sent from my email address, hacked? lauralagatajohnson 9/1/10 7:51 AM
I also got hacked on Aug 24 from an IP in Argentina.  The hacker sent out a link to all my contacts.  Gmail caught it as suspicious and shut down my account.  I was able to regain access and immediately changed my password and checked all the suggestions you guys have said of what to do when you get hacked.  I couldn't find any strange settings that had been modified.  I use a POP3 option to check mail using Outlook.  I checked my computer for threats, malware, etc. using a full scan and it came up clean.  Then I got hacked AGAIN today! It was a mobile IP address in Brazil.  What's the deal?  I do not know what to do because I've checked for filters, alternate emails, etc. and the only solution I see is to permanently shut down my gmail account.  I don't want my contacts to get any more spam from me!  This is the first time I've had this problem, and think it's odd that it's happened twice in such a short period of time.  What can I do?
Re: Argh spam sent from my email address, hacked? Joshua 9/1/10 8:13 AM
Getting hacked repeatedly after changing your password is indicative of having a keylogger/virus/spyware on one of the computers you use to access gmail. Try running some virus and spyware checkers on your computer. (Using more than one is sometimes necessary.)
Re: Argh spam sent from my email address, hacked? lauralagatajohnson 9/1/10 8:53 AM
Thanks Joshua. Please give me some recommendations of which software you use for that.  I've already used McAfee scans and Malwarebytes.  Neither show any dangers. None of my other online accounts have been hacked.  Which ones do you suggest?
Re: Argh spam sent from my email address, hacked? bkc56 9/1/10 9:50 AM
Here's my preferred list of free utilities to scan a suspect computer.

* LavaSoft Ad-Aware - http://www.lavasoftusa.com/
* Spybot: Search & Destroy - http://safer-networking.org/en/index.html
* MalwareBytes - http://www.malwarebytes.org/
* SuperAntiSpyware - http://www.superantispyware.com/

Re: Argh spam sent from my email address, hacked? lauralagatajohnson 9/1/10 2:59 PM
I've now used McAfee, Spybot, Malware, and LavaSoft and none of them found anything suspicious on my machine.  I really don't think my computer is infected with anything.  I haven't used my email on any other computer in the past 2 weeks since this started happening.  I've changed my password once again to one that is super hard to figure out.  If a hacker gets this one too, I will shut down my account.  Any last suggestions on how to keep it secure?
Re: Argh spam sent from my email address, hacked? bkc56 9/1/10 6:48 PM
Any last suggestions on how to keep it secure?

Make sure you've done everything documented here:  http://knol.google.com/k/the-c-man/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7?pli=1#When_you_reclaim_Your_Account

And make sure you are aware of password harvesting methods and have done what you can to protect against them: 
http://www.google.com/support/forum/p/gmail/thread?tid=7735f5c368fb648b&hl=en
Re: Argh spam sent from my email address, hacked? bcgrote 9/6/10 4:39 PM
OK, not being allowed to send mail after being spamhacked is BAD for us users.  But it is GOOD for sites like Yahoo Mail.  Because I can still send mail from there and NOT be hacked as I am EVERY SINGLE MONTH THIS YEAR HERE!

Google is beginning to suck, y'all might want to do something about that.
Re: Argh spam sent from my email address, hacked? bcgrote 9/6/10 4:54 PM
So the header on the bounced spams says:
----- Original message -----

MIME-Version: 1.0
Received: by 10.216.165.16 with SMTP id d16mr1395179wel.0.1283761213982; Mon, 06 Sep 2010 01:20:13 -0700 (PDT)
Received: by 10.216.195.139 with HTTP; Mon, 6 Sep 2010 01:20:13 -0700 (PDT)
Date: Mon, 6 Sep 2010 01:20:13 -0700
Message-ID: <AANLkTincPhFp65MbjuJh5q+jEDjRAgY93Q2V6S_ytFgx@mail.gmail.com>
Subject:
From: Brandy Grote <bcg...@gmail.com>
To: br...@lawrenceco.com, bro...@goodexperience.com, bu...@pmog.net,
bu...@pmog.com, callie...@med.va.com
Content-Type: text/plain; charset=ISO-8859-1

http://nqtxadhknquuxae.ru.gg

and the IP addresses were:
Turkey (95.7.209.60)

8.22.161.85
and
8.22.161.94 - WASHINGTON DC!!!!

To not allow us to send mail after a hack attack is low, Google. If that is the best response you can offer
to those of us who have been hacked, you deserve to lose customers and followers. I was a beta tester in the
90's, and have been a big fan. Until this year. You can't protect my account, and you can't stop anyone from
sending spam from my account.

Can you tell my why I should CONTINUE to use Google products? Yahoo is free, and they do a bit better. My Yahoo mail has
never been hacked, and come to think of it, neither were any of my hotmail accounts!

Re: Argh spam sent from my email address, hacked? bcgrote 9/6/10 4:57 PM
My "Sent mail" folder DOES NOT CONTAIN THE SPAM SENT OUT!  SO WHY AM I NOW UNABLE TO SEND ANYMORE MAIL TODAY?

I have RECEIVED a lot of bounce notices, but I HAVE NOT SENT ANY MESSAGES SINCE 1:18AM!!!

YES, I'M FREAKING YELLING, THIS HAS HAPPENED TOO OFTEN FOR ME TO IGNORE, ESPECIALLY NOW THAT I AM PRECLUDED FROM USING MY OWN FREAKING ACCOUNT AFTER SOMEONE PIGGY BACKED IT!!!!


Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/6/10 6:15 PM
@bcgrote

At least your yelling has worked. My air conditioner was acting a little wonky today, but now that you've yelled online, it's working swimmingly. Thanks.

Re: Argh spam sent from my email address, hacked? Mike CH. 9/7/10 3:24 AM
Hi bcgrote,

Your account is repeatedly sending spam, I see we already forced you to change your password twice but it doesn't seem to have helped. If the new passwords you chose were completely different to your old passwords then the most likely possibility is that you have a keylogger on your computer. AV scans may or may not find any virus, but I suggest wiping the machine completely and then restoring it to factory settings.

I guess we could try and separate out mail we think is hijacked from other mail for quota enforcement, but that would be very complicated and it seems better to try and solve the real problem here.
Re: Argh spam sent from my email address, hacked? Dave in Danville 9/8/10 5:11 PM
One of my gmail accounts was hacked today, just as has been described elsewhere in this thread. I run two firewalls, Spybot and Ad-Aware and after another check this evening I find my system is clean, as usual. Interesting that I have three accounts, all of which were open at the time in three different browsers and only one was compromised. And yes, it has a unique password. I'm thinking, after reading this thread that the gmail system has been compromised and that hackers are picking off accounts one by one. And, I'm seriously thinking it's time to move to another email service since this has never happened to me before since first coming online in '97.
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/8/10 5:32 PM
Spybot and Ad-Aware are terrible. I used to love them until I realized they lead people into a false sense of security.

Re: Argh spam sent from my email address, hacked? Mr. Swoon 9/8/10 6:04 PM
I just caught my account having similar issues. My computers are fairly locked down malware-wise, and my PC was actually shut off when the spam attack occurred. My passwords were smallish, but complicated enough that it shouldn't have been that easy to brute force. I've just changed to a more complicated pw, so hopefully that will put a stop to this.
 
I am concerned about the rash of these attacks. Doing some research on other reports of the same issue, it all seems to be coming from mobile clients. At the very least mine was a mobile client from the Philippines. I hope there's a good effort being mounted in blocking these attacks outright.
Re: Argh spam sent from my email address, hacked? Dave in Danville 9/8/10 9:53 PM
Thanks for the advice BIGELLOW. I am running Malwarebytes as well.
Re: Argh spam sent from my email address, hacked? jennifervawter 9/10/10 2:19 PM
HELP! PLEASE! I closed this account down MONTHS ago!
 
I use different passwords for EVERY site and I got this in my inbox today from a CLOSED Gmail account!
 
Flag this message

[We have a cheap Replica_Watches]

Wednesday, September 8, 2010 7:19 PM
 
 
Please somebody help me! I go to open my account and it says it's not on file! Because I closed it MONTHS AGO! HELP HELP HELP !!
Re: Argh spam sent from my email address, hacked? bkc56 9/10/10 5:52 PM
If you have messages being sent from a closed account, I can only assume two possibilities:

1.  It was using forged headers (spoofing).
2.  Someone recovered the account and is using it (which I doubt).

One easy test is to send an e-mail to that closed account.  If it bounces, then the account is still closed and the spam headers were forged.  If it's delivered, then the account is still active and controlled by someone.
Re: Argh spam sent from my email address, hacked? jennifervawter 9/11/10 10:04 AM
it went through!!! can somebody from google PLEASE permanently BAN jennife...@gmail.com  I had this email for YEARS and will NEVER EVER trust google with email again!
Re: Argh spam sent from my email address, hacked? jennifervawter 9/11/10 10:07 AM
PS: How was I phished? My homepage WAS set to google AND you have those links up top? I have been an avid google user for mmm 11 12 years or so, now I am warning EVERYONE I know friends or in the tech industry to avoid google like the plague!
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/11/10 10:09 AM
@jennifervawter

You're doing it wrong.

Re: Argh spam sent from my email address, hacked? bkc56 9/11/10 11:55 AM
...it went through!!!

I am trying to get someone at Google to find out what is going on.
Re: Argh spam sent from my email address, hacked? MsI53 9/11/10 2:10 PM
Jennifer, are you 100 percent certain that you actually closed the account? Is there any possibility that you were going to close it and for some reason didn't but never realized that and have just been assuming it was closed?
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/11/10 2:17 PM
I'll bet that whoever is controlling that Gmail account now is going to create a Facebook account posing as you, will open up credit cards in your name, etc... Identity theft is not a pleasant thing. I feel for you.

Re: Argh spam sent from my email address, hacked? SN 9/12/10 1:49 AM
Jennifervawter, based on what you have provided us thus far, I think Bkc56 has identified the culprit with his reply of 9/10/10, "1. It was using forged headers (spoofing)." It looks like that might be a mis-filtered 'me' spam (aka false negative, aka spoof spam) message impersonating your previous Gmail account. Two things to look for to help verify whether that message was actually sent from a valid Gmail account: 1) In the opened message [do not click inside the message], inspect the 'show details' ref. [1], checking whether the 'mailed-by' or 'signed-by' lines match the sender's email address... 2) Also, if you reply back here with the full headers ref. [2] of that message, more than likely it will help us see that what you received is a spoofed email; one of us can help determine that for you.
Re: Argh spam sent from my email address, hacked? MrEvan 9/13/10 9:13 AM
Easy folks - let's not jump to conclusions here...

Hi jennifervawter,

If you closed your account months back, then it is closed forever and no one can send real messages from it.  Someone could still make it look like a message came from you though, so I agree w/ bkc56 that this is likely a case of "spoofing." I urge you to take a look at message headers, using SN's link or the following info:
---
To help us investigate your situation, please post the full headers from the most recent message(s) affected by this issue.

To display this information in Gmail, please follow these steps:

1. Sign in to Gmail.
2. Select the conversation containing the message affected by this issue, and open the individual message.
3. At the top-right corner of the message window, click the down arrow next to 'Reply,' or select 'More options.'
4. Click 'Show original.'

Please copy and paste the contents of the new browser window into your reply. If you don't wish to include the text of the affected message, simply delete the body of the email from the above information. But, please be sure to include the full headers.

To obtain headers from other webmail or email providers, please refer to this page: http://mail.google.com/support/bin/answer.py?answer=22454.
---
Please let us know what you find. 

Best,
-MrEvan
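An added example, not part of MrEvan's post or of any Gmail tooling: once the full headers from 'Show original' are in hand, the spoofing question discussed above comes down to whether SPF or DKIM passed for the domain in the From line, which is the header-level counterpart of the 'mailed-by' / 'signed-by' check. The sample headers, the host names and the `check_sender` helper are constructed for illustration, and the alignment rule (exact domain or subdomain) is a simplification.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims gmail.com, but nothing was authenticated for
# gmail.com, and the second Authentication-Results line came with the message.
SPOOFED = """\
Delivered-To: reader@example.net
Received: from mail.bulk-sender.example (mail.bulk-sender.example [203.0.113.7])
        by mx.example.net with ESMTP id abc123;
        Wed, 08 Sep 2010 19:19:02 -0700 (PDT)
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.example.net;
        spf=pass smtp.mailfrom=bounce@bulk-sender.example;
        dkim=none
Authentication-Results: mx.other.example; dkim=pass header.i=@gmail.com
From: "Old Account" <closed.account@gmail.com>
To: reader@example.net
Subject: constructed sample
"""

# Constructed sample: composed in a webmail UI and authenticated for its own domain.
GENUINE = """\
Delivered-To: reader@example.net
Received: from relay.example.org (relay.example.org [192.0.2.10])
        by mx.example.net with ESMTP id def456;
        Mon, 06 Sep 2010 01:20:14 -0700 (PDT)
Authentication-Results: mx.example.net;
        spf=pass smtp.mailfrom=user@example.org;
        dkim=pass header.i=@example.org
Received: by 10.0.0.5 with HTTP; Mon, 6 Sep 2010 01:20:13 -0700 (PDT)
From: Some User <user@example.org>
To: reader@example.net
Subject: constructed sample
"""


def _domain(value):
    """Lower-cased domain of 'user@domain', '@domain' or a bare domain."""
    return value.strip("<>;\"' ").rsplit("@", 1)[-1].lower()


def _aligned(auth_domain, from_domain):
    """Simplified alignment: same domain, or a subdomain of the From domain."""
    return auth_domain == from_domain or auth_domain.endswith("." + from_domain)


def parse_auth_results(msg, trusted_authserv):
    """Return (method, result, domain) tuples, but only from
    Authentication-Results headers stamped by our own receiving server.
    Headers naming any other server may have been written by the sender."""
    found = []
    for raw in msg.get_all("Authentication-Results", []):
        parts = [" ".join(p.split()) for p in raw.split(";")]  # unfold lines
        if parts[0].split(" ")[0].lower() != trusted_authserv.lower():
            continue
        for clause in parts[1:]:
            method = re.match(r"(spf|dkim)=(\w+)", clause)
            if not method:
                continue
            prop = re.search(r"(?:smtp\.mailfrom|header\.[id])=(\S+)", clause)
            found.append((method.group(1), method.group(2).lower(),
                          _domain(prop.group(1)) if prop else None))
    return found


def check_sender(raw_headers, trusted_authserv):
    """Decide whether the From domain is backed by an aligned SPF/DKIM pass."""
    msg = message_from_string(raw_headers)
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    passed = {m for m, result, dom in parse_auth_results(msg, trusted_authserv)
              if result == "pass" and dom and _aligned(dom, from_domain)}
    # A "by <host> with HTTP" hop, like the one in the bounce headers posted
    # earlier in the thread, suggests submission through a web interface.
    # Received lines below our own server's can be forged, so it is only a hint.
    web_hint = any(re.match(r"by \S+ with HTTP\b", " ".join(r.split()))
                   for r in msg.get_all("Received", []))
    return {
        "from_domain": from_domain,
        "aligned_pass": sorted(passed),
        "web_submission_hint": web_hint,
        # "unverified" means nothing ties the message to the From domain,
        # which is what a forged From line looks like.
        "verdict": "authenticated" if passed else "unverified",
    }


if __name__ == "__main__":
    for name, sample in (("SPOOFED", SPOOFED), ("GENUINE", GENUINE)):
        print(name, check_sender(sample, "mx.example.net"))
```

`trusted_authserv` must be the name your own mail provider writes at the start of its Authentication-Results header; passing any other name means trusting a line the sender could have supplied.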
Re: Argh spam sent from my email address, hacked? pbfreeman 9/13/10 9:29 AM
Hi Mike CH

I am unable to access my account, but I do not believe it has been hacked/stolen/taken over, and I don't think Google believes this either. In fact reading through the forum it seems to me that most people who have lost access to their accounts have suffered the same thing as I have: Google has scrambled its eggs and their passwords simply don't work any more.

The reason why I think this is my observance of the extraordinary method Google has employed to counter a "stolen" account, and more specifically what Google does NOT do.

Let me explain: If my account has been stolen, I am 100% compromised in every possible way I could be. My security is 100% down, my privacy is 100% non-existent and my contacts are 100% stolen and exposed.

So considering that the scenario is as bad as it could possibly be, how come Google does not do ALL it could to help me recover the account as fast as possible?

What would that be?..... An interview! I would need an Google employee, at MY request, to look into my account, ask ME questions about it until said employee is happy it IS my account and return it to me!

This way both Google and I recover OUR security breach as fast as possible, minimizing the exposure and compromised position.

Why does Google not do this?

Google says that for a Google employee to look into my account would compromise my privacy! Which according to Google is 100% compromised already... by hackers. If this was true how could it POSSIBLY be worse if a Google employee looked into my account at my request?

Does this make ANY sense?

Clearly not. So why would Google NOT be doing what obviously needs to be done asap if the account was truly stolen? If I can think of the solution then I am sure Google can too, and has, but is simply not doing it. Why would this be if the account was truly stolen and Google and my security has been compromised?

It's not stolen. Google knows it and I know it. I am suffering from a mistake that Google has made and I am being made to pay the price.

The ARF would be 100% answerable to a thief who had my account, so inherently it's no kind of verification anyway. What you would need to ask on an Account Recovery Form is questions not verifiable from inside the account. Google would have had to harvest a bunch of answers from me when I opened the account, security related only questions, stuff that would have nothing to do with my account:

What city does your mother/father/brother/etc live in?

What is your dog's/cat's/best-friend's/etc name?

What is your favourite Sport/hobby/park/place/etc

10 Questions like these filled in by an account holder would be able to be brought back up and filled in with an 80-90% accuracy rate and verify the USER never mind the account... the thief can verify the account they are looking at it!

The ONLY thing that makes sense out of the system as it is now is that Google has screwed up my password and is overly worried they will look bad and or give the account back to the wrong person..
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/13/10 10:12 AM
@pbfreeman

Let's see... what would stop someone else from calling to talk to a Google employee and trying to do an interview, claiming to be you? Sure, they might fail to convince the Google employee that they are you, but humans do make errors from time to time. So, what happens when this works a certain percentage of the time? Then, Google needs to staff hundreds or thousands of employees just to field the bogus calls, trying to hijack user accounts. This increased expense means they would need to start charging for all Gmail accounts, making it no longer free. The list goes on and on. What you're asking for makes sense, from an unlimited time, unlimited money, unlimited resources perspective.

Another problem is this. If Google allowed Google employees to gain access to Gmail users' data... guess what? Your account could be stolen BY a Google employee. I know we'd all like to think that once someone becomes an employee that they are 100% infallible and honest, but let's face it... the problem that exists with some humans is not limited to their employment status, age, sex, etc... So, it makes perfect sense for Google to protect Gmail accounts from even Google employees.

Finally, while *you* might believe 100% that your account has been "stolen", there are hundreds of others who are equally convinced that their accounts have *also* been stolen... when the accounts *have* *not* been stolen. Email addresses can be spoofed (without "stealing" an account)... in some cases, an account can be used to *send* email without the hacker actually gaining access to other aspects of the account, such as being able to read the email, etc...

So, when this sort of thing happens, it does not necessarily mean that your privacy has been compromised 100%, it just feels like it.

Re: Argh spam sent from my email address, hacked? pbfreeman 9/13/10 10:41 AM
@BIGELLOW That's a lot of 'ifs', but right now there are a bunch of 'definites' on the table. People are being locked out of their accounts and the ARF system is not helping.

I am not suggesting a call centre, I am suggesting an online chat help service that one can ask for an appointment with. I know Google has this service for other accounts, and don't forget that gmail is advertising for Google every time a mail gets sent. Why do they not look after their clients who do this advertising for them? Google has HUGE amounts of money and resources, let's be honest they could offer this service...

I am not suggesting that Google freely give anyone that works for them access to any account, I am saying have a specialised team to help recover compromised accounts, how much worse can it be? You can't 'protect' a compromised account!

Finally as I said I don't believe my account has been compromised, I think it's been screwed up by a Google error!


Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/13/10 1:01 PM
@pbfreeman

"Gmail is advertising for Google every time a mail gets sent."

That's a stretch. Based on that, you are advertising your local ISP if you use the email address they assign you every time an email gets sent. What's worse is, you pay for that service.

To me, "advertising" would be what Hotmail does, where an actual advertisement gets inserted into the footer of emails as they are sent. Just having @gmail.com in the email address isn't more advertising than having "@hotmail.com", "@comcast.net", "@yahoo.com", "@yourlocalispgoeshere.com", etc...

And does Google have huge amounts of money and resources? Sure. However, they get most of this money through other means. If they rob money from one project to pay for another project, pretty soon they end up with a bunch of vampire projects sucking the life out of profitable ones. It's just not good business.

You say that people are being locked out of their accounts and the ARF system is not helping. While I agree with you to a certain extent, it's not really as huge (or straight forward) as you make it out to be.

There are TONS of people who get locked out of their accounts and the ARF system is exactly what they needed to get back in. SOME people are being locked out because their security was compromised. OTHERS are locked out because they recently changed their password, then forgot the new password they chose. Or their capslock is on and they don't realize it. Or they use different passwords in different places and are mixing up passwords in the wrong place, absolutely convinced that they aren't confused.

There are so many different scenarios and MANY of these scenarios would completely waste the time of Google employees. I'm not saying that there aren't some rare and very legitimate scenarios that can only be resolved by talking to a live person, but again... these are rare. If everyone took the time to, say, register a mobile number with Gmail ahead of time which can be used to gain access to their account, or to maintain an external email address elsewhere as a backup email address to gain access to Gmail again when they are locked out, these problems would be a whole lot rarer and, quite possibly, avoidable entirely.

One way to have a "phone number" or a live person to contact is to pay $50/year to use the Gmail interface for your own domain. By doing this, you can turn off the ads... you won't be "advertising" Gmail anymore since it will use your own domain name... and you will have a support line you can call when you run into trouble.

Expecting this level of service at no additional charge is just asking Gmail to fail as a project... maybe Google can afford to bleed that money, but it would run the potential of making the standalone Gmail project no longer profitable, which any profit-seeking business would shut down in such an instance.

Re: Argh spam sent from my email address, hacked? pbfreeman 9/13/10 11:30 PM
So what you are saying is that Google are not responsible for their own mistakes and on account of them wanting to maximise their profits at the cost of their customers it's all OK?

Do you not think that what you are saying is inherently dishonest in terms of business practice? I have my entire mail history etc for the last 4 or 5 years taken away from me through a Google error but that is simply not Google's problem. This despite the advertising Google does about its secure systems etc etc?

Expecting a company to take responsibility for its own actions at its own expense is not a foreign concept where I come from. The notion that doing so would shut them down is farcical!

Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/13/10 11:42 PM
No, I'm saying that you haven't shown anything to me to suggest this is Google's fault. So, it mostly sounds like you're barking up the wrong tree.

I'm not saying that they should maximize their profits at the cost of their customers, I'm just saying there are some customers who are never happy and always take for granted the service they are getting for free and feel that they are entitled to more for less.

It sounds to me that you had your entire mail history for the last 4 or 5 years lost because you didn't take the necessary precautions to have a back-up plan in case you lose access to your account, you clearly didn't back up your email to local storage, etc...

Its systems ARE secure, which is why you have found that by getting locked out, you can't get back in very easily, which is why it would have been prudent to have a backup plan. Did you have a secondary email account registered with Google? One you continue to maintain access to? Did you register a mobile phone with Google that you could have an SMS message sent to in case you get locked out? Did you set a security question that only you know the answer to that someone else is not able to easily determine by knowing you either in person or through information readily available?

If you had done all three of these things (or really, ANY of these three things), you likely wouldn't have a problem.

If someone was able to gain access to your account by knowing your password, it either means your password:

1) Is easy to determine.
2) Is easy to randomly generate.
3) Was re-used on another website.
4) Was captured through an application or website.
5) Was shared with someone else who isn't as careful as you are.

If you are absolutely certain that numbers 1-5 don't apply to you, then it's pretty likely numbers 1 or 2 apply to you anyway. No security system in the world is 100% effective against those who want in. So, if you really did take all precautions, then it's unfortunate that you are the 1 in a million which had bad things happen. Of course, if you really did take all precautions, you'd have local backups of all your email.

Re: Argh spam sent from my email address, hacked? ___Keith___ 9/13/10 11:44 PM
Gosh - we're here on a Google forum.  If Google was running a conspiracy to hide the fact that their servers are compromised, would we be discussing it here?  How much support do they owe me?  I use all of their services for free.

The most likely source of the problem is that we compromised our own passwords.  This could be by our carelessness, particularly using the same password on multiple sites. I have used a password on a site which then sends me back a copy by e-mail in the clear, that password is now useless.  We can also be compromised by viruses, malware, keyloggers, rootkits, etc.

Do you want to have someone to blame or do you want to solve the problem?  If the latter, assume the problem is on your end, scan all your machines, change all your passwords.


Re: Argh spam sent from my email address, hacked? pbfreeman 9/14/10 2:16 AM
I managed to track down the original mail sent to me from the account that I was invited through. In it I was given something called a Google Web APIs license key. I entered this key in where the ARF ask for a Verification Code. This seems to have worked as I have my account back.

What chance does anyone have of getting this right when Google does not even ask the right questions? There is no such thing as a "Verification Code", they themselves call it a Google Web APIs license key.

My account is 100% fine, no spam sent, nothing deleted or changed at all. This was 100% a Google error, just Google messing me around for no reason what so ever and making me stress for 4 days!

I had my password stored on 3 different apps on 2 different devices, all 3 were locked out at the same time, this CLEARLY was a Google error, it is not possible for me to have done this. My password was not stolen, my account had not been taken over, I was simply locked out. This phenomenon is known and is reported on Wikipedia in their main article on Gmail. Clearly it is a known and ongoing problem and Google is being dishonest about it!

The ARF is the single most incompetent and down right stupid piece of thinking I have ever seen. I do not understand how the people who came up with this have a job at Google or anywhere at all as they are not fit to tie shoelaces for a living!

I am disgusted with Google's handling of this, dishonesty in this and ethical treatment and downright rude approach to its own customers.
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/14/10 7:44 AM
@pbfreeman

1) It still sounds to me like what you're saying doesn't add up. It's as if you're using a different "Google" than everyone else. If locked out of my account, it asks me a question that I was able to create myself. Perhaps you also created your own question, called it "Verification Code" and used the Google Web APIs license key as the answer?

2) You say "I had my password stored on 3 different apps... all 3 were locked out at the same time." When you say "apps", are these all Google-owned apps? If so, I think that's where your confusion might be. Each app doesn't have a distinct login. There is only one "Google Account" with a single login. If you use 10 or 20 different Google "apps", it's all tied to the same login. (Unless you specifically create a unique login for each app, which would be a nightmare to manage.)

3) To protect your one Google login (which applies to all Google apps), go here:

This is where you can set alternate email addresses to have reset information sent to... you can register a mobile device to use SMS to verify your identity... and you can set your own question/answer pair.

Also, to be sure there isn't anything residual in your account still, this has some good information:


You keep talking about Google being "dishonest" and "unethical"... those are some strong words and yet you've done nothing to back up those claims. When an account is compromised, the problem is usually the password or the user's machine. You are the owner of your machine, not the third-party service provider. You are also the owner of your password, not the third-party service provider. So, if either is compromised, it's not the third party service provider's jurisdiction.

Re: Argh spam sent from my email address, hacked? pbfreeman 9/14/10 8:56 AM
@BIGELLOW

Please familiarise yourself with Google systems, it will help you to comment on this forum. Google offers multiple services but allows a user to log in through one central account through any of the individual log in gateways on each service. A person's log in ID and password are the same universal ID and password to all Google systems. Hence when using the mobile mail, or mobile chat, or the online gmail account, each app can and does store and remember one's ID and password and allow a convenient way to log in and access each app. One can't 'specifically create a unique login for each app', it's the same ID and password. Which is WHY when all 3 apps, on two DIFFERENT devices where the SAME id and password were stored, were ALL (all 3 of them) barred from my account at the same time, it became obvious that Google had changed my password as it is impossible for me to have done so on 3 different apps simultaneously, either intentionally or accidentally!

Once Google has chucked an account user out of their account they give you the ARF to fill in. This is a form primarily designed to allow an account thief to wholly claim a stolen account and to bar the legitimate account owner access permanently. But it conveniently is also able to be used by Google to mess the rightful account owner around to the MAXIMUM before giving you your account back, (if they ever do) once Google themselves have randomly decided to take away a user's account (by deleting their password and security question.) In this form they ask misleading questions expecting you to have information that they never explained why they gave you or told you that you were supposed to keep: Your Google Web APIs license key (which they misleadingly describe in the ARF as a "Verification Code"!)

When I opened my account I was sent the following in the very first mail:

"Your Google Web APIs license key is xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Bang. That was it, this one sentence just like that. No explanation as to what this is, or why I have it, or that I should store and keep it securely and most certainly not that I will need it to defend my account against Google themselves!

Yes I am the owner of my password, which is WHY it was unethical and dishonest of Google to cancel/change it AND cancel my security question! Where I come from it is not the right nor is it not the third party service provider's jurisdiction to do such a thing. AND having done so to LIE about it afterwards is rude, dishonest and unethical. As noted on the Wikipedia entry on Gmail, Google are KNOWN for doing this!

I hope this helps you understand the Google you are ACTUALLY using.

Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/14/10 9:26 AM
@pbfreeman

Sorry. That's precisely what I was trying to tell you. I'll help you out. This is a quote from you:

"I had my password stored on 3 different apps on 2 different devices, all 3 were locked out at the same time, this CLEARLY was a Google error, it is not possible for me to have done this."

Why would you say your password is "stored" on 3 different apps if you know full well the password is only "stored" once... in your single Google Account? Why would you call attention to the fact that "all 3 were locked out at the same time"? If you understood there is only one account, then there is only one account to get locked out of, preventing you access from all apps. How is the fact that you couldn't gain access to "all 3" significant enough to you to be evidence that it was "clearly" a Google error?

You forgot your password. That's all. Once you locked yourself out, you sought out to blame Google instead of taking responsibility. It's all good. You're back in, now. I'm glad you got everything sorted out. I tried to help, and you just bashed everyone who tried to help, you bashed Google, you used words like "dishonest" and "[un]ethical" and then you solved your own problem, then returned to bash Google one more time.

It sounds to me like you just have a miscellaneous beef with Google and aren't careful enough with your passwords. No worries. The Wikipedia article for Gmail says nothing about Google being dishonest or unethical... that's all your own hyperbole. Hating Google and venting all of your frustrations in life against Google is your prerogative, but this isn't the place to do it. Start a blog and do it there. This is a community where users help users. No point in biting the hand that feeds you. Glad you got everything sorted out.

Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/14/10 9:37 AM
Now that I think about it, it's very interesting that an early email you received was:

"Your Google Web APIs license key is xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Then you say that you have no idea "what this is, or why [you] have it". They will only send you a Google Web APIs license key if you specifically sign up for one. Did you, perhaps, fill out a form requesting an API license key from Google because you wanted to interface with one of their APIs? If you didn't, then it sounds like someone else did. If that's the case, then something doesn't quite add up with what you are saying. I am very familiar with Google services. I am a programmer and I use just about every single one of their APIs. I am signed up for much more than just "3 different apps" of theirs. I have not stated anything that would suggest that I don't understand how Google works. You, on the other hand, repeatedly state things that make no sense (like saying if you are locked out of all three services, it must be Google's fault.) You only need to forget your password once to be locked out of all three services. The email address your account is associated with only needs to be compromised once for you to be locked out. There are all sorts of things you could do or someone else could do that might lock you out of your account and it has nothing to do with a Google error. Yet, you seem so convinced, which is what doesn't quite add up.

Anyway, I would recommend that you check which alternate email address is associated with your Google Account and make sure the password to THAT account hasn't been compromised. Someone might be screwing with you. If you don't have a secondary email address associated with your account, it is highly recommended. If you never signed up with a Google API license key, then the moment you received an email giving you one, you should treat it with suspicion.

Re: Argh spam sent from my email address, hacked? pbfreeman 9/14/10 3:09 PM
BIGELLOW

Look at what you wrote "(Unless you specifically create a unique login for each app, which would be a nightmare to manage.)"

You can't do this on Google... how can you say you understand how Google works? This is just not and never has been an option. Do you really think I am unaware that I am logging in to each app with the same password and id for the last 4 years?

I don't understand what has confused you about my explanation.

On my computer I have my gmail ID and password stored in my browser (prior to logging in) so that when I want to log in I can just click on the button and I do not have to type out my whole ID and password each time.

On my phone I have the gmail mobile app, on this app I have my ID and password stored in the log in fields (prior to logging in) so that when I want to log in I can just click on the button and I do not have to type out my whole ID and password each time.

On my phone I have the google chat app, on this app I have my ID and password stored in the log in fields (prior to logging in) so that when I want to log in I can just click on the button and I do not have to type out my whole ID and password each time.

Does this clear it up? My point about the 3 apps being blocked out the system simultaneously is to paint the picture for everyone that I could NOT have made a mistake on my password. I have not typed the ID and password in to either of the apps since I got the two devices. Every time I have logged in I have just clicked on the log in button in each app, when and as I wanted to use the app. So when my mail reported that the password and username did not match I picked up my phone and tried the chat app, that said the same thing, so I immediately tried the mail app on the phone and it reported the same thing. Now you say I forgot my password? How? I accidentally change my password on all 3 apps? The error clearly came.... from Google! Google no longer had my password and user ID matched, Google had changed my password on their mainframe and shut me out. When I went to my security question it too had been erased and replaced with the words "temporary question". Then I discovered that I had entered in error my secondary email address as a yahoo.com and not the yahoo.co.uk that it actually is, my mistake. I had not noticed that Yahoo had ever been anything different than yahoo.com. It was THEN that I tried the third option, which brought me to the Account Recovery Form and the forums. I was horrified to discover that although I had made no mistake with my password of any kind, I was shut out and getting no help from Google for their mistake. What I was left with, as my only help, was the most unintelligent form ever devised in the history of the internet. I was and am appalled that google leaves their own clients for dead when they need help the most, especially when it is clearly a Google error which then Google takes no responsibility for!

As for the APIs, I have no idea what you are talking about. What I did to get my account back was manage to find and contact the person who invited me in 2006. He very kindly allowed me to log in to his account (he was unable to get to a computer at all) and search for all mail relating to my gmail address. The very first mail his gmail ever sent to mine, was that one! It was not an early mail, it was the FIRST one. No explanation, no warning that this was some kind of vital recovery code, no nothing, just the code. Why do Google call it an APIs in the mail, and a "verification code" in the form? Is that not a little strange to you? As for the notion that I applied for it, well how? This was the first mail... what do you want me to say? It was sent to me and it is clearly the recovery code that did the trick! But why does Google not point out its significance and why does Google not ask for it in the ARF? Why call it a different name? Honesty???

Further I want you to consider something. What if what I am saying happened to me, actually is what happened to me, just as I have said it has? What if Google had a malfunction and wiped off my password and security question? Just consider it for a moment as my actual reality. Now look at your response. Dismissive? You have been sure of everything except what I was saying... My account was not tampered with, nothing had been changed. I went through the '[1] When you reclaim Your Account(Web)' with a fine tooth comb, nothing was out of place. My sent mail has nothing new in it that I did not send. So now what? My account was not hacked, it was not stolen, I was simply locked out. You say I did it, what if I did not? How would you feel being told it's you when you know very well it's not you? And as I say, even in the Wikipedia menu on their Gmail entry there is listed this phenomena: 8.6 Disabling accounts people get chucked off, just like me, what can I tell you?

And lastly the ethical issue. In the world today it is not fashionable to call things what they are, stand up and make a noise about wrong things being wrong. It makes people uncomfortable. Have you heard of the famous line "All that evil need to succeed is for good men to do nothing"? I am sorry, but what Google is doing here is wrong, it's unethical and dishonest. That ARF is no kind of response to account theft! Any thief would be able to fill that form in using the information in the account they had stolen, so what is that form for? That Google says 'oh we have help for you, we have the ARF' is a dishonest statement! That form is not help to a person who has had their account stolen and neither is it help to someone who has been locked out the system. That form is there so google can AVOID dealing with the problem. Mail is not a light matter, my life is in that account. For Google to lock me out and not help me is just unethical, no matter how you look at it! I got my account back by a stroke of luck, I am under no illusion about that. Google would have been quite happy to wipe me off and 4 years of my mail and contacts would have been gone and they would have taken 0.0 responsibility or given a damn. And that, is unethical! This is not an opinion but is a statement of truth, and it is incumbent upon all honest men to stand up and state that, here in this place on this forum!

Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/14/10 4:25 PM
@pbfreeman


"You can't do this on Google"

Yes, you can. If you created a different Google Account for each app (which I wouldn't recommend in the least, which is why I said it would be a nightmare to manage.)

"On my computer I have my gmail ID and password stored in my browser (prior to logging in) so that when I want to log in I can just click on the button and I do not have to type out my whole ID and password each time."

Maybe that's your problem. Saved passwords. It can sometimes be a risky venture, depending on the browser you are using, which version you are using, how often you keep it up to date, etc... Also, if someone got into the account and changed your password, your "saved password" wouldn't work. Just because spam wasn't sent from your account doesn't mean your account wasn't compromised.


"On my phone I have the gmail mobile app, on this app I have my ID and password stored in the log in fields"
"On my phone I have the google chat app, on this app I have my ID and password stored in the log in fields"

Your ID and password are stored all over the place. No wonder your account was compromised. Now, granted, this isn't necessarily a guaranteed bad thing to do, but it definitely increases the likelihood of interception points.


"How? I accidentally change my password on all 3 apps?"

Maybe someone else compromised your account and changed the password for you. There are many other possible answers to your question than just the easy "blame Google" one.

"on their mainframe"

Wow.

"Then I discovered that I had entered in error my secondary email address as a yahoo.com and not the yahoo.co.uk that it actually is, my mistake."

And here, all this time, you've been saying it was all Google's fault. Thanks for coming clean, though.

"As for the APIs, I have no idea what you are talking about."
"Why do Google call it an APIs in the mail?"

I have to take your word for what you say, that it called it a Google Web API Access code in the email. What's curious, though, is why this email can be found in your friend's Gmail account. This would mean the email was sent BY your friend, not DIRECTLY from Google. Perhaps your friend, instead of having you originally create your Gmail account directly, created the account FOR you and THEN provided you with the login credentials? If so, that might have been another potential attack point for someone compromising your email account in the first place.

"Is that not a little strange to you?"

Yes, it is very strange that:

1) Google doesn't send you emails directly, but has your friend send them to you from his account.
2) Your very first email was a Google Web API access code, but you have nothing to do with an API.

What's strange is not that Google would do this, but what would you or your friend have done to generate this kind of activity. It doesn't sound like you or your friend are using the system the way it was intended. You should only ever create accounts for yourself sitting at the computer personally, and not share passwords with friends to let them login on your behalf. A lot of shady stuff going on.


"Why call it a different name? Honesty???"

Maybe your friend called it a different name when he created the account for you, then sent you your very first email?

You're right. It could very well be that some Google employee has a problem with you, for whatever reason... decided to hack into the system to mess with you (keep in mind that, internally within Google, employees don't just have open access to all data... the security is just as tight from within Google as it is between one Google user and another.) Yet, you keep pointing to other users with completely unrelated problems and proclaiming that there is a larger conspiracy (complete with lies and cover-ups) that you have somehow got sucked into. Isn't it easy for you to consider the fact just how silly that sounds? I'm not saying they're not out to get you... I'm just saying that if they really ARE out to get you, find proof first, THEN start attacking. Being unable to login to your account is only proof that SOMETHING or SOMEONE changed your password... it doesn't HAVE TO be Google that does this.

"My sent mail has nothing new in it that I did not send. So now what?"
"My account was not hacked, it was not stolen, I was simply locked out."

Those aren't A=B conclusions to draw. Someone can hack into your account, only to have the account get locked to protect you. If the account gets locked to protect you, it's not some Google employee manually doing it, it's an automated system. So, you're basically upset that the system which prevented your account from being hacked actually worked. Nice. Then, you admitted that you used the wrong email address for your backup-email, but still insist this is a Google problem to be solved.

"8.6 Disabling accounts people get chucked off, just like me, what can I tell you?"

Some people do criminal things and then their account gets locked, then they complain. They conveniently leave out the criminal activity and just suggest that Google is out to get them, because they're pissed that Google caught onto them. In other cases, someone else hacks into someone's account (because they weren't careful enough with their password), then they change the password and leave. The person whose account is hacked assumes that because nothing was tampered with (although, of course, something WAS tampered with... the password), that something else nefarious must be the problem. Then, they post on forums saying that Google is out to get them.

This type of stuff happens every day, so pointing to the fact that a Wikipedia article says that people sometimes claim to be locked out of their accounts doesn't mean that your scenario is either of the above two, so I'm not sure why you'd lump yourself in with that crowd. In your case, it was likely due to the fact that someone else created the account on your behalf, and possibly the fact that you didn't change your password at least every 3-6 months or so.


"And lastly the ethical issue. In the world today it is not fashionable to call things what they are, stand up and make a noise about wrong things being wrong. It makes people uncomfortable."

Actually, in the world today it is SUPER fashionable for people to stand up and make a noise on the Internet. It's called trolling. Not sure what motivates it, but it happens everywhere.


"Any thief would be able to fill that form in using the information in the account they had stolen, so what is that form for?"

Really? It was YOUR account and YOU had a hard time providing that information, yet you think a thief would do better? I'm not quite sure which side of this issue you are on. Are you upset because it was so difficult to get back into your account, or are you upset that it was so easy to get back into your account?

"Mail is not a light matter, my life is in that account."

Is your life worth $50 per year? If so, you get a phone number you can call to call Google's tech support. It's called Google Apps.

"Google would have been quite happy to wipe me off and 4 years of my mail and contacts would have been gone and they would have taken 0.0 responsibility or given a damn."

I'm pretty sure they would have cared very much. Hard to serve personalized contextual ads to you if you can't login. I've heard that's where they make their money. Ads.

I do want you to know, though, I feel your pain. I know you went through a traumatic experience. I wouldn't wish that on anyone. All I'm saying is that you haven't really said anything that suggests to me that Google positively was just trying to mess with you. There are still plenty of gaps in the situation where some hacker or acquaintance was messing with you and is happy to see that you've diverted all of your attention elsewhere.

Nice chatting with you, though. I'm glad you got everything back in order. I'd recommend updating that secondary email address, setting a mobile number (if you've got one) and personalizing your own security question.

One thing I like to do is I write a security question that is something personal, but then I give a wrong answer on purpose... a wrong answer that I will always remember. That way, even if someone knows me, they'll get the answer wrong.

Re: Argh spam sent from my email address, hacked? pbfreeman 9/15/10 4:34 AM
BIGELLOW my friend I am sure you understand that actions speak louder than words or intent. What I am upset about is the actions I see Google taking over this issue. Primarily I see that they have not accounted for system failure, and people such as yourself that are so convinced that a system failure is the one impossibility in this situation, are not helping in this. What if it is a system failure? Have you asked yourself that? A system failure would show up in all sorts of confusing ways, such as what happened to me or the account being locked... or the password record being altered in the google database... why would this be impossible? I do not expect Google to be infallible, the system is designed and run by people and people make mistakes, it is impossible that Google are exempt from this, which is why I am appalled that they are not accounting for this or taking any steps to claim responsibility for their system and help when it goes wrong, which it does and will...

I am sure that a help system can be implemented, I am not an advocate of a million person strong free call centre that the world and his dog can bother night and day, but in the event of someone having a real problem, it is just not right that Google do not have some kind of system in place to help. Actions speak loudly here, how is it that Google can say they care? There is no help to be had! Bang you are out. I was very lucky, look at the forums, people are not getting their accounts back.

Yes I made an oversight in my back up email, however I did not reset or forget my password and neither did I delete my security question, so how you can say that I admit that I am responsible for this I do not understand. I opened my own account, my friend did not open it for me and the only reason he let me into his account is right now he is medically unable to get to a computer himself. (if he had not where would I be?) Further his account from back then is now a secondary account for him, it's not his main account and so he did not mind me looking into it to help me. As for the APIs, I am starting to think we are on a different wave length here. From where I am standing an APIs is an account recovery code, issued by Google to every account holder, what is it to you? I can only think that in the early days back in 2006, I was sent mine through my friend's account, as he was the one who had invited me and these codes were issued through the invite system somehow back then. What is your take? Both me and my friend were brand new to google and had zero experience with any of Google's systems. If we had an APIs then google issued it to us. Why would they not? Clearly everyone needs one or if their account gets compromised through any means, they are out! What I don't understand is why no explanation got issued with the code, I can only think that was an early days issue that surely now has been sorted out. A secret code that is so secret not even you know what it is yourself, is not much help! Hahaha :)

Now I hear what you are saying about my password being stored all over the place, but from what I understand it is safe to do this on Firefox (yes up to date 100%) and Blackberry. No? What I do not understand though, is why would a hacker/thief go to all the trouble of obtaining my account and then not do anything with it? Like a guy breaking into your car and starting the engine but then not driving off. Why? Further if they really wanted the account why would they not immediately go to recovery and fill in the ARF? With the account open and the password in hand they would be able to fill in the ARF I would say 100% accurately. I on the other hand would have to remember all the info the ARF is asking for, what date did you open your account on and what was the URL in your invite? No problem for an account thief looking at your account! After the thief has filled in the ARF they would have the account so under their control that the account owner would be out and dusted and Google would have no clue. Why would Google equip the thief so perfectly with the current ARF? It's part of the 'actions' that I am frustrated and talking about, it's part of my point that the 'thief' story is somewhat unbelievable from where I am standing. If Google believed that my account was compromised by a third party and not by myself or a system failure, the current ARF would not be an appropriate response. Google would have to be asking me questions the thief would NOT be able to look up on the account. No? So do you blame me for coming to the conclusion that Google could not possibly be so stupid as to equip and enable 'thieves' and that the ARF is posted in the knowledge that their clients are recovering accounts either they themselves or the system has compromised.

By the way bkc56 who wrote the articles you pointed me to has been very kindly answering my question on another thread, and he says that if his account were to lock him out he is not sure he would be able to get it back using the ARF! He has been calling for the ARF to be redesigned and his words are falling on deaf ears. Why would that be?

All I am saying is that google is not helping anyone or anything with the ARF, it's an inappropriate response from google to someone who has been locked out their account, either by hackers or by accident themselves or through a system failure, and I do not believe Google has intentions to help by posting the ARF. I think they have invented the ARF to avoid helping and that speaks of attitude! Now do you think my comments are those of a Troll or a genuine protester, upset and looking for change for the better for all?

Thanks for the tip about Google Apps, I think I am going to take them up on it. Why they don't let us gmail users know they offer this I don't know, and why they misleadingly call a pro-mail account 'Apps', I am also baffled about... they don't want people to know about it and subscribe? If you saw a button that said "Google Pro-mail" on your gmail account, what would you think it was pointing to? I think they would get some clicks and some clients...

Anyway Google must have people that think very differently to me, but thanks for bearing with me and for your help, I apologise for being so blunt, but I know you can see my frustration, so thanks again :)

Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/15/10 9:14 AM
@pbfreeman

If there is a system failure, and they are able to reproduce it, they've got engineers to fix it. In the meantime, it's what anyone can expect from a free service. The $50/year service includes access to a customer service phone number. Worth it if you're not willing to deal with hiccups like this.

The problem with making things "easier" is that it also makes the security "weaker". It's a tricky balance to play. If a form asks questions that are too obscure, there will always be the limited cases where people will complain that it isn't easy enough. If a form asks questions that are too easy, accounts will be more likely to be compromised by information a hacker could easily find out online. If it's a phone number and not a form, the problem is the same, but now there is a physical person who can be tricked or duped. To hackers, it's called social engineering. If you can trick the customer service person into giving you access, then security is compromised. If the customer service person tries too hard to protect the account, they might potentially piss off the legitimate customer trying to gain access to their account.

The world is full of people who try to stick AOL CDs into their home stereo systems, to computer gurus who are absolutely convinced the problem MUST be "X" when, in the end, the problem turns out to be "Y"... at which point, they aren't willing to admit to it. So, giving a phone number for anyone to call whenever they can't login would ultimately be impossible to keep out those who COULD be helped through research online and patience and perseverance. Again, $50/yr isn't bad to have a phone number to call. It also gives you 25 GB of storage for email, I believe.

"I was very lucky, look at the forums, people are not getting their accounts back."

There's no doubt that no matter how "perfect" a system is, there will always be a percentage of people who slip through the cracks. Set up a phone number that anyone will call and the forums will be flooded with messages like:

"That customer service person was so rude!"
"I was on hold for 7 minutes! My time is valuable!"
"The customer service person asked me for personal information like my real last name. I'm not giving The Man information like that!"
"They expect me to have a phone!?"

I'm not saying that all people who have a problem are exaggerating or aren't legitimately having issues, but simply finding complaints posted online isn't exactly the same as a scientific study to prove that a problem exists or how extensive that problem is. Sometimes people whose computers are infected by a virus are absolutely certain their computer is fine because the three different reputable antivirus applications give them a clean bill of health, only to later discover that a fourth antivirus application actually finds something nefarious. (After all, if you accept the fact that some things can be fallible, then so could antivirus software.)

"Yes I made an oversight in my back up email... so how you can say that I admit that I am responsible for this I do not understand."

I never said that you admit fault for the problem. I only suggested that you were responsible for the problem being as big as it was. If your back-up email had been up-to-date, you would have discovered you couldn't login anywhere. You would have gone to the account recovery forms, had an email sent to your back-up email, clicked some links and been on your merry way. It's quite possible you wouldn't have needed to come to the forums for help, or had to bash Google for not having a customer service phone number for Gmail. In fact, I am quite confident that the original problem had nothing to do with you directly. Either your mobile phone was somehow compromised (some hackers can gain access to mobile phones remotely) or your computer was somehow compromised or your Internet connection was somehow compromised (ISPs are fallible, too)... or perhaps some hacker simply tried to gain access to your account, so your account was automatically locked to prevent their access. If the back-up email had been up-to-date, you would have been back in minutes after discovering an issue. Bad things happen. Always have insurance if you're not willing to deal with the consequences. In the case of a Google Account, the account recovery options are that insurance.

"I opened my own account, my friend did not open it for me"

There's still something fishy about this. Why would an email that pertains to *your* account be found in your friend's account? When you sign up for a Gmail account the normal way, your first email should be an automated email from Google welcoming you to Gmail. If you get an email from Google with a Web API key, that email will come directly from Google to you. The fact that you were able to obtain access to your account by accessing information from your friend's account suggests that a security hole exists right there. I'm not sure why any information that pertains to your account would originate from your friend's account. The fact that your friend never uses that account anymore makes things worse. It probably means he hasn't changed the password to that account in over 6 months, which likely means that account could have been compromised which might have led to the compromising of your account, or the attempted compromising of your account, resulting in a lock-out.

API stands for "Application Programming Interface". If a programmer wants to interface with one of Google's services programmatically, she needs permission from Google first. So, she would sign up for an API key via a form. This would then assign and email an API key. The programmer would then use that key in their program's code to give it permission to use the API. It's the equivalent of a "userid/password" combo, but for an application to use rather than a human.

So, if you received an email from Google way back then, you must have filled out a form to generate that key. The fact that this same email (with the same key) exists in your friend's Gmail account suggests that your friend was somehow involved in this process.

"I was sent mine through my friends account, as he was the one who had invited me and these codes were issued through the invite system somehow back then."

If it was the code generated by the invite, it would have referred to it as an "invite code", not an API code. It's possible that maybe your friend didn't have any more invite codes at that time, but discovered that he could sign up for an API code using a form and this might have been an alternative way to help get you into Gmail back before just anyone could sign up. Like I said, something just sounds fishy about this original process to start your Gmail account.

"I don't understand is why no explanation got issued with the code"

Since this would have been a code that was only generated and sent as a result of a programmer filling out a form requesting such a code, the explanation would have been unnecessary or would have been on the form. If your friend did this on your behalf to try to give you access to Gmail without using the standard invite system, then he would have been the one who knew what that code was. It was a long time ago, though, so it wouldn't be a surprise if your friend just didn't remember anymore.

"Now I hear what you are saying about my password being stored all over the place, but from what I understand it is safe to do this on Firefox (yes up to date 100%) and Blackberry. No?"

That's a very tricky thing to answer. It's like saying, "Driving is safe, no?" Yes, driving is generally safe. But, at the same time, walking is probably safer. Every little thing you do in life has an element of risk. Storing passwords in Firefox and your Blackberry has SOME element of risk, even if that element of risk is kept to a minimum by good security measures. I'm pretty confident in Firefox's security, but nothing is ever infallible. It's probably "good enough", unless you deal with state secrets. I can't really speak for Blackberry. It's probably pretty safe, but I don't know its methods. One thing about Firefox is that if you use a computer that is shared in any way by any other persons, your stored passwords can be easily retrieved. If anything ever compromises the security of your computer, your stored passwords in Firefox are also unsafe. A security system is only as safe as the weakest link in the chain. I believe this can be better protected through a "master password" in Firefox. I'm pretty sure it encrypts the stored passwords when you set a master password. Of course, then it becomes less convenient, as you will need to enter this master password each time.


"What I do not understand though, is why would a hacker/thief go to all the trouble of obtaining my account and then not do anything with it?"

Some thieves are automated bots. The programs will automatically try to gain access to millions of accounts through various automated means. If an account happens to be compromised, these bots will simply flag the account as a valid account to attack and move on. Once a list of usable accounts is collected, it could be sold to the highest bidder. That person would then try to do the bad things. In other cases, it's just a curiosity hacker. Someone who hacks not because they're spammers or out to get money, but because they just like a challenge. Maybe someone came across information regarding your account where they were convinced they could probably gain access. Then, upon gaining access, they moved on, satisfied enough with the break-in alone. Then, Google's systems detected the suspicious activity and locked the account to protect you. It's also possible someone was merely TRYING to break into your account, and Google's systems detected this suspicious activity BEFORE the would-be hacker could get in, stopping them in their tracks.

"Like a guy breaking into your car and starting the engine but then not driving off. Why?"

The alarm goes off, he gets scared, and runs away. Or, in this case, the alarms are triggered and the doors are automatically slammed shut and locked, and then you have to rely on the account recovery procedure to prove that you are the rightful owner of the "car".

Well, if someone was ALREADY successfully in the account, enough to read an email with information to fill out the ARF, there's really no reason for them to do it. They're already in. Like I said before, the steps which were originally taken to create your account in the first place (or to generate that Web API key) just seem unusual to me and should probably be looked into. I'm not saying your friend can't be trusted, but that there's something unusual about an API key existing both in your account AND your friend's account, and for this to be the very first email in your account ever. It just sounds like this account was not created through the normal channels or means.

"they would have the account so under their control"

Well, again... once someone is logged in to be able to see emails, they can't really be any more "in control" of the account, so the rest is moot. In fact, they'd have control over nearly any other service you signed up with that email address. They would be able to look up other third-party services you had signed up for using that email address, then use the "forgot password" functionality to have a reset link emailed to your account they have hijacked. Then, they'd be able to gain access to those third-party accounts as well. Your most protected password should be the password to your email account.

"the current ARF would not be an appropriate response"

There really is no perfect or fully appropriate response. This also exists in real life. I've seen instances where someone called a locksmith to gain access to their house (because they lost their key), and the information they provided to prove the house was really theirs could easily be faked or acquired by a thief. There's a tricky balance there that's impossible to get right because everyone has a different opinion on security. Hardcore security advocates would suggest that all password systems REQUIRE a user's password to be AT LEAST 10 characters long with both upper case and lower case letters, one or more numbers, and one or more symbols... and that this password be RANDOMLY GENERATED by the system and assigned to the user, without the user being able to choose their own password. Then, this password would be required to change every 3-6 months, without repeating any of the past 6 passwords. The reality is, that would be a customer service NIGHTMARE. So, somewhere down the line, a middle of the ground compromise is created. It's very possible that the logic behind the ARF is more complicated behind the scenes than it may appear. For instance, it may also capture the IP address that the form is being filled out from and compare this to IP addresses previously known to recently access the account successfully. There could be a number of different "fuzzy logic" algorithms going on that are simply looking for more suspicious behavior. If the form had additional boxes on it, by entering the API key into the box, you may very well have gotten this *wrong*, but that all of the other boxes were filled out accurately enough that the system trusted that you were the owner.

Again, no matter how they change this form or process, there will be several legitimate arguments about how that method isn't appropriate either. The world really isn't as safe as we all think it is, so ignorance is bliss. No matter what you do, sometimes you'll be a target, so the best thing you can do is have insurance for it. If you're concerned about the data, implement a method to back it up. Make sure your account recovery information is up-to-date. Change your password from time to time. Don't ever reuse the same password in more than one place. Don't use IE. (You've already got yourself covered there.)

"He has been calling for the ARF to be redesigned and his words are falling on deaf ears. Why would that be?"

Everyone has a different opinion about how the ARF should be designed. Those who are perfectly happy the way it currently is would not take the time to go online and complain (because they're happy). If the ARF were redesigned to make another group of people happy, then a portion of the previously happy group would take to the online forums and start complaining, then wonder why their words are falling on deaf ears. This happens everywhere in life, and it's just an unfortunate side effect of creating a one-size-fits-all world. Some people want the Government to do more. Some people want the Government to have less power. Some want lower (or no) taxes. Others want the Government to pay for a bunch of stuff. For every group of people who get what they want, there will be others who feel their requests are falling on deaf ears. So, at some point, a company just has to make a decision to stick to a method that works for the most number of people and move on.

"Now do you think my comments are those of a Troll or a genuine protester, upset and looking for change for the better for all?"

Not at all. Keep in mind that there are plenty of other companies who also provide similar services. Maybe their ARF is more satisfactory. A company can only do so much to make everyone happy... then everyone else finds another company they are happier with. I don't see this as Google being "mean" to people or "ignoring" people... it's just a company with limited resources (inasmuch as you might think they have more engineers than exist in the world, they do not)... that is doing a pretty good job (in my opinion) at what they've set out to accomplish. The great thing about the free market is that if someone else has a better idea or thinks they could do a better job, they have the capability of creating an alternative (and better) service to compete, giving everyone the options they're looking for. As a consumer, I don't pick a company first, then demand that they give me precisely what I need. I look at all of the companies out there and find the one that has the product or service that most closely meets my needs. It's one thing to give feedback in hopes that you're in the majority and that things move further in a direction you'd prefer. It's another thing entirely to be in the minority, but still expect these changes to be made. My feeling is... if you want something, look for it... if you want something better, find it... if you can't find it, build it... if you can't build it, that's life.

Yeah, that is a problem (ironically) about Google. They make most of their money through advertising, but they really don't do a whole lot of advertising themselves. The reason it's called "Google Apps" is because it's a package deal. It's not JUST email... it's Google Docs and some other services as well. It is geared primarily towards businesses who want to give Google-based services to their employees (at $50/year per employee), but you can just as easily sign up as an individual as a single "business" with a single "employee". They don't require you to be a business, per se, but they market it this way.

You do have to own your own domain name... if you don't already, you can usually get one for roughly $10/yr. So, your email address would be customized to your own domain name... you'd get 25 GB of storage instead of the current 7 or 8... in the admin panel, you have the option to turn off the ads in Gmail... in situations of being locked out or the service being down, you get a pin number and a phone number you can call. (I'd recommend writing these down somewhere offline, so that you can access it when things actually go down.) Sometimes the only side effect of using Google Apps is that some new features might roll out to free Gmail users first, then LATER to the Google Apps people. (Buzz, for instance, isn't in Google Apps, I don't think.) In some rare cases, however, it's the opposite. I'm pretty sure Priority Inbox rolled out to Google Apps people first, THEN the free Gmail users.

I absolutely agree with you. If they marketed Google Apps within Gmail as "Gmail Pro" or something like that... and made the process simple and straightforward to register a personalized domain name, automatically configure the DNS (that they could host themselves), etc... then they'd probably get a whole lot more sign ups. It's very possible this could be their plan for the future, but they can be sometimes slow to move forward on certain things. They still put 70% of their time and resources into search.

I appreciate you taking the time to discuss this. There are a lot of things that are often overlooked (especially when it comes to security) because with all of these new technologies (and business concepts) there are millions of different opinions about how it should all be handled. In the case of advertising something like "Gmail Pro" from within Gmail, it's very possible that they are already doing this, but they will put these ads in the same spots that all other ads appear. Some people can become a bit "blind" to these ads over time, so may never notice them. Whenever someone suggests that since Google OWNS Gmail, they could pop up a big bubble advertising these things, others suggest that this would be unfair to their other advertisers. It's a really fine line to balance on. They are both an advertiser AND a company that builds competitive products. Imagine, for instance, that a bunch of anti-virus companies pay Google lots of money to advertise their software on various Google services. Then, imagine Google engineers figure out a "better way" to do anti-virus, so they build their own product. Then, imagine they start advertising this product, but they place this advertising in areas where normal third-party advertisers are not allowed to place their ads. Pretty soon, as an advertising company, they start to look pretty shady. So, instead, for the most part, Google just advertises their own products using the same type of ad placement that any other company can pay to use. Technically this means Google IS paying money for this advertising, because everywhere one of their ads appears, a third-party ad won't appear. So, it's lost potential money which is the same thing as a cost, though it's cheaper for them because they can just deduct what would have been the advertising profit.

So, in some cases, when there is something really simple that Google could do, there are plenty of other people just waiting to jump on them and tell them it was a terrible idea. Some groups even count the number of words on their home page. Privacy advocates complained that you had to click two levels deep to find their privacy policy. They insisted that Google needed to be like everyone else and provide a privacy link directly on their home page. When they did this, the people who count the number of words on their home page complained that the number of words were one too many. To solve this problem, they changed the message at the bottom from "© 2010 Google - Privacy" to "© 2010 - Privacy". Yes, they removed the name of their company just so that the number of words on the home page would keep people happy and also satisfy the requirements of the privacy advocates.

So, sometimes, when the things Google does (or the things Google doesn't do) seem really lame... or it seems like they're just not listening to their users... in some cases, the problem is that they ARE listening to their users and their users aren't so good at web design. ;)

Re: Argh spam sent from my email address, hacked? bkc56 9/15/10 9:48 AM
Wow, no way can I compete with the novellas you guys are writing (but it's an interesting read).

"By the way bkc56 ... says that if his account were to lock him out he is not sure he would be able to get it back using the ARF! He has been calling for the ARF to be redesigned and his words are falling on deaf ears. Why would that be?"

Just a footnote here, Google is working on the account recovery process so they are NOT ignoring the problems with the ARF.

My "complaint" is that the hackers/scammers/spammers have gotten a LOT more aggressive and the current system for prevention/detection/recovery has fallen behind.  Google needs to make improvements FASTER.

The Google engineers spent little (if any) time in the forums. I do. I don't have time to help hundreds of other people because I spend so much time copy/pasting the same account recovery information into scores of threads EVERY day.

That's what's bugging me.

We now return you to our regularly scheduled debate... :-)
Re: Argh spam sent from my email address, hacked? jennifervawter 9/17/10 8:17 AM
I am 100% sure that I have CLOSED this account, 100% (my husband hacked it about 5 months ago and I closed it then!) now why am I receiving this????
 
 Flag this message

[We have a cheap Replica_Watches]

Wednesday, September 8, 2010 7:19 PM
Re: Argh spam sent from my email address, hacked? ___Keith___ 9/17/10 8:22 AM
Your husband has gone into the replica watch business...
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/17/10 9:21 AM
@jennifervawter

It's very easy (very very easy) for an email sender to send email and make it *appear* to come from any other email address, even if it didn't.

So, if that account is closed 100%, then it means it is closed and that email didn't really come from your account. Your email address is just in various spammers' databases and in addition to trying to send to that email address, they are also using that email address as a so-called "from" email address.

It is curious, though, that in order for you to have your account "closed" your husband had to "hack it". Very interesting.
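
The point made in this reply, that a From line by itself proves nothing, can be checked on a saved raw message. The following is an added example and not part of the original post: it accepts a From domain only when the receiving server's own Authentication-Results header backs it up. The hostname `mx.example.net`, the addresses and the three messages are constructed assumptions, and the alignment test is a simplification of DMARC's relaxed alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id that your own receiving mail server writes.
TRUSTED_AUTHSERV = "mx.example.net"

# Constructed sample: forged From, unrelated envelope sender, failed checks.
SPOOFED = """\
Return-Path: <bounce-7731@bulk-sender.example>
Authentication-Results: mx.example.net;
 spf=softfail smtp.mailfrom=bulk-sender.example;
 dkim=none;
 dmarc=fail header.from=example.com
From: "J. Owner" <closed.account@example.com>
To: closed.account@example.com
Subject: We have a cheap Replica_Watches

(body omitted)
"""

# Constructed sample: a message whose From domain is corroborated.
LEGIT = """\
Return-Path: <alice@example.org>
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org;
 dmarc=pass header.from=example.org
From: Alice <alice@example.org>
To: closed.account@example.com
Subject: lunch

(body omitted)
"""

# Constructed sample: the only Authentication-Results header was written by
# a host other than our own server, so it must not be believed.
SELF_ASSERTED = """\
Return-Path: <bounce-7731@bulk-sender.example>
Authentication-Results: other-host.example; dmarc=pass header.from=example.com
From: "J. Owner" <closed.account@example.com>
To: closed.account@example.com
Subject: hello

(body omitted)
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if there is none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def aligned(envelope_domain, from_domain):
    """Simplified alignment: same domain, or envelope is a subdomain of From."""
    return bool(envelope_domain) and bool(from_domain) and (
        envelope_domain == from_domain
        or envelope_domain.endswith("." + from_domain)
    )


def trusted_auth_results(msg):
    """Collect method=result pairs only from headers stamped by our server."""
    results = {}
    for raw in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in " ".join(raw.split()).split(";")]
        authserv = parts[0].split()[0].lower() if parts[0] else ""
        if authserv != TRUSTED_AUTHSERV:
            continue  # anyone can add this header before the mail reaches us
        for part in parts[1:]:
            m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results


def assess_from(raw_message):
    """Report whether the From domain is backed by trusted authentication."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    auth = trusted_auth_results(msg)
    spf_aligned = auth.get("spf") == "pass" and aligned(env_dom, from_dom)
    corroborated = bool(from_dom) and (auth.get("dmarc") == "pass" or spf_aligned)
    reasons = []
    if not auth:
        reasons.append("no Authentication-Results from a trusted server")
    if not aligned(env_dom, from_dom):
        reasons.append(f"envelope domain {env_dom or '(none)'} is unrelated "
                       f"to From domain {from_dom or '(none)'}")
    for method in ("spf", "dkim", "dmarc"):
        if method in auth and auth[method] != "pass":
            reasons.append(f"{method}={auth[method]}")
    return {"from_domain": from_dom, "corroborated": corroborated,
            "auth": auth, "reasons": reasons}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT),
                      ("self-asserted", SELF_ASSERTED)):
        print(name, assess_from(raw))
```
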

Re: Argh spam sent from my email address, hacked? Mike CH. 9/20/10 9:23 AM
For what it's worth I am a Google engineer and I do read quite a lot of these posts (gotta admit I only skimmed some of the recent big ones!).

Yes, it's true what bkc56 says. We've made a lot of changes and yet we still need to work faster.
Re: Argh spam sent from my email address, hacked? Mike CH. 9/20/10 12:22 PM
By the way, for an example of one improvement that has been asked about in these forums (by RedSoxRobbe) see this blog post:


It's not available for regular (non business) Gmail yet, but we're working on it. We've also improved the ARF behind the scenes recently. So improvements are coming ....
Re: Argh spam sent from my email address, hacked? RowRow78 9/22/10 12:00 AM
Hey guys & gals,

My account was hacked last night from ISP: China (123.161.116.253) and all my contacts rec'd an annoying message.

I've read most of this thread and followed all the advice so hopefully it won't happen again...HOWEVER...I see I'm not the only one to pose the following question:

Why can't you turn off the Auto-Save function gmail has on email addresses?

The attack wouldn't have been so bad if it was only the people in My Contacts, but it spammed all my "other contacts" which were several hundred...

Unless I've missed a response, there were at least five people asking this and nobody replied....

 
Re: Argh spam sent from my email address, hacked? JohnW2 9/22/10 1:57 AM
@RowRow78 - just to say your assertion may not be "entirely" correct. No Gmail account may send out more than 500 messages in any 24hr period - for precisely the reason you require (to prevent spamming) so perhaps a fair proportion might have received an unwelcome message. It may look as if they have but there's a fair chance that the monitoring system shut the transmission off before too many people were addressed.
The damage is done now: let's hope your change of password and update of other security matters prevent a recurrence.
Oh, and you could look on the bright side: the "automatic collection" of addresses may just have prevented the lower end of your Contacts list (towards the "Z..s") from being reached and thus spammed!
Let's just hope the up-coming changes Google are making to account security get put into Gmail sooner rather than later. 
Re: Argh spam sent from my email address, hacked? primospizza 9/23/10 10:56 AM
This is the second time this year that my gmail account has been hacked.  Funny.....never had it happen a single time with my yahoo account that I have had for several years now......
 
Guess which account I will not be using anymore?  Ding ding ding - GMAIL is the correct answer!
Re: Argh spam sent from my email address, hacked? Bob Oliver Bigellow XLII 9/23/10 9:51 PM
Wholly scientific conclusions are fun.

Re: Argh spam sent from my email address, hacked? J2Bryson 10/6/10 12:12 AM
My password has not been compromised, but someone has been giving away my email as theirs to paypal etc. (well, not really my email -- mine is joanna.j and they keep giving away joannaj, but that comes to me due to google defaults.  they have also given this email to their grandmother, but I can't get her to tell me who it is.)  Now someone has applied to google to be able to send mail as joannaj, but that confirmation also came to me.  So you could say that the system works, because I'm able to stop them, but I'm very freaked out.  I even have the email address of the person trying to get my email, but I can't find who at google to report this to.  I think it is their obligation to fix this.  I also think that I should not get email to joannaj as it never has anything to do with me.  They should just make joannaj a non email, or else let someone have that email but leave me alone about it.
Re: Argh spam sent from my email address, hacked? bkc56 10/6/10 12:20 AM
"mine is joanna.j and they keep giving away joannaj"

Dots in account names are not significant.  That is, first.last@ is the same e-mail address as firstlast@.  Receiving a message with an address with a different configuration of dots does not mean there are two accounts with the same name.

That said... There is nothing to prevent people from using the wrong address when they send a message, or giving out the wrong address (like on a business card or when registering at a web-site) to others.  Think of it as someone dialing the wrong phone number, or getting a couple digits reversed when giving the number to someone else.

Re: Argh spam sent from my email address, hacked? joemadeus 10/6/10 9:02 AM
"Dots in account names are not significant.  That is, first.last@ is the same e-mail address as firstlast@.  Receiving a message with an address with a different configuration of dots does not mean there are two accounts with the same name."

bkc, this isn't correct. Punctuation (including dots) is significant in RFC822 (email) messages. Figure that Joanna wouldn't be reporting the trouble she's having if they weren't.


-j
Re: Argh spam sent from my email address, hacked? JohnW2 10/6/10 9:22 AM
@joemadeus - please see http://knol.google.com/k/getting-someone-else-s-mail-the-dots-issue# and you might then understand that in Gmail addresses, the "dots" are not significant - (as Brett has already stated).
If you still don't believe, then see http://mail.google.com/support/bin/answer.py?hl=en&answer=10313 from the Gmail Help pages which explains
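
The rule discussed in the posts above (dots are ignored in Gmail account names) matters to anyone who stores addresses as plain strings, because several spellings then reach one mailbox. The following is an added example and not part of the original thread: it reduces addresses to a delivery key and groups the spellings that collide. The addresses are constructed, the dot rule is applied to `gmail.com` only, and lower-casing the Gmail name is an extra assumption based on Gmail's known case-insensitivity.

```python
from collections import defaultdict

# Only the domain the thread discusses; other providers may treat dots
# in the local part as significant, so their addresses are left alone.
DOT_INSENSITIVE_DOMAINS = {"gmail.com"}

# Constructed sample of addresses as a sign-up form might have stored them.
SAMPLE = [
    "first.last@gmail.com",
    "firstlast@gmail.com",
    "First.Last@Gmail.com",
    "first.last@example.org",
    "firstlast@example.org",
]


def mailbox_key(address):
    """Return the key under which mail for this address is delivered."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    domain = domain.lower()
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "").lower()
    return f"{local}@{domain}"


def colliding_addresses(addresses):
    """Group stored spellings that deliver to the same mailbox."""
    groups = defaultdict(list)
    for address in addresses:
        groups[mailbox_key(address)].append(address)
    return {key: found for key, found in groups.items() if len(found) > 1}


if __name__ == "__main__":
    for key, found in colliding_addresses(SAMPLE).items():
        print(key, "<-", found)
```
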
Re: Argh spam sent from my email address, hacked? dzhang56 10/6/10 5:08 PM
Hi All,
 
I have been hacked too and I just want to know if there is any way to recover the contacts and emails the hackers deleted. Which is also curious to me, why would they delete all my contacts and in the process of deleting my emails? What is the point of that?
 
Anyways I assume there is no way to recover what I have lost but if anyone can help I would greatly appreciate whatever you can do.
 
Thanks!
 
Re: Argh spam sent from my email address, hacked? bkc56 10/6/10 8:44 PM
"Anyways I assume there is no way to recover what I have lost ..."

That is correct.  Unless you have your own backup of your contacts or e-mail history, there's no way to recover it when deleted by hackers.
Re: Argh spam sent from my email address, hacked? trenticle 10/17/10 9:50 PM
I think my android phone is the cause of my gmail getting hacked.  I think that there may be an app that is accessing (harvesting) my account information. 
Re: Argh spam sent from my email address, hacked? The C Man ((mobile laureate)elder advisor) 10/17/10 10:12 PM
trenticle,

Could also be Facebook and/or any other social website or possibly a weak password.
Re: Argh spam sent from my email address, hacked? JLGonTheMove 10/20/10 3:01 AM
Does anybody get any help from Google...I have been trying for months without success
Re: Argh spam sent from my email address, hacked? JohnW2 10/20/10 8:46 AM
@JLGonTheMove -  it may have passed your notice that this is a User2User Help forum, and in general it's fair to say that there are no Google staff around to provide answers to other than 'general' situations. However there are (rare) exceptions, with this thread having been graced on a few occasions by Mike, who is a Google staffer. 
Normally, Google provides no Tech Support for any users of its free services - only those who pay for a Premier account get that privilege!!
Re: Argh spam sent from my email address, hacked? The C Man ((mobile laureate)elder advisor) 10/20/10 10:20 AM
JLG,

Must have been moving too fast as I have just been through this thread and could not find a previous request for help so I looked up your profile and there is one previous entry which has to do with a mobile phone and is in the wrong forum which is probably why you never got an answer. I'll offer an answer to that now but it would have helped if you had specified the make of phone at least so I could move it to the correct forum.
Re: Argh spam sent from my email address, hacked? m0thman 10/24/10 11:22 AM
Just discovered the same spammy email "I got my laptop this morning , I ordered it from a Chinese site..." sent to all my contacts and checking my account recent history has revealed this as the culprit.

China (115.52.174.158)16:23 (2.5 hours ago)

I can't prove that this was the reason, but interestingly enough I installed an app on my Android phone last night; a silly little game and today I'm unable to access the market place to install some security software. I suspect the app (which I am unable to find now) was simply a means to harvest google accounts. Many users (including myself) have been a bit careless in checking what resources an app uses.
Re: Argh spam sent from my email address, hacked? The C Man ((mobile laureate)elder advisor) 10/24/10 12:58 PM
m0thman,

Please try to remember so it can be reported to Google.
Re: Argh spam sent from my email address, hacked? J2Bryson 10/28/10 8:38 AM
In response to comments on my older post about joanna.j vs. joannaj, I know *gmail* doesn't consider these differences significant, but they in fact are -- the vast majority of my spam goes to joannaj for some reason. So they should be using the fact that people are typing my name wrong as a prior in their spam detection. And I would like to have an option to decide whether or not mail without the dot goes straight to spam (or some other filter like "you probably have the wrong email address, or did you really mean to write to [my name]").
Re: Argh spam sent from my email address, hacked? The C Man ((mobile laureate)elder advisor) 10/28/10 8:42 AM
Sounds as if most of the incoming addressed wrongly is Spam.
Re: Argh spam sent from my email address, hacked? CocchiFamily 10/29/10 7:32 PM
Mike CH (Google Employee) with regards to your post on 4/3/10, Your response
 
"Secondly, there is no exploit or hack in Gmail that we are aware of. In absolutely every case of this we have investigated the problem was viruses, phishing or password re-use "
 
My Gmail password is distinct and not used on any other web-site login. No viruses on my machine now or before and never click on URL's embedded within emails other than YouTube....always type in URL's manually (so probably not phished).....
 
I have since changed my password, is there any way you can block login access to this account from any non-US IP address (never login from outside the US)?
Re: Argh spam sent from my email address, hacked? uncompromised 11/16/10 8:38 PM
CNN has reported that accounts are vulnerable to a backdoor which has been opened in order to carry out search warrants. So what, are we screwed?
Re: Argh spam sent from my email address, hacked? KeithR 11/16/10 9:30 PM
Google would have no need of a backdoor to carry out search warrants.  Their engineers have full access to the servers.
Re: Argh spam sent from my email address, hacked? The C Man ((mobile laureate)elder advisor) 11/17/10 1:46 AM
Google would then have to translate using a form of de-encryption for any emails sent since "https" was brought in because I doubt they are using anything simple in the way of a code. It's easier to employ hackers to find the password for the account and have the mail open up on its own. In the UK we had somebody imprisoned because he refused to give up his 24 digit code and it was unbreakable as far as the biggest computers were concerned unless it got really lucky or ran for the next 100 years or so.
Re: Argh spam sent from my email address, hacked? STaasadr 11/19/10 9:36 PM
My dad's account got hacked. He is in a different city so I cannot see what's on his computer. But I am guessing he got a virus that led to the compromise of his account. Hence the suggestion above.

The following spam was sent to everyone in the contact list.
************
I have a good information to share with you.
A while ago,a trading company attractive to me,
the price is very competitive advantage, so I bought some products.
It is very exciting,very pleased when I got and saw my goods.
I think you can go to see: elebuys.com
> you'll save more money in there. j--.
>

Re: Argh spam sent from my email address, hacked? krisdestruction 11/19/10 10:16 PM
For everyone who keeps replying to this post about spam issues, I suggest that you post an issue into individual issues where contributors can then help you one at a time. I don't know about you, but I refuse to read 403 posts in succession and resolving each issue going along.
Re: Argh spam sent from my email address, hacked? KeithR 11/20/10 8:58 PM
@STaasadr, you can make suggestions for changes to Gmail at [1].
For now, work through the Gmail Security Checklist at [2] to make sure the account is as secure as possible.
Re: Argh spam sent from my email address, hacked? lucid1651 11/21/10 8:52 PM
This happened yesterday exactly as TISA P points out. I used my account to send an email through my iPhone last night and I see that the exact same time, a spam message was sent to all my contacts. 

I fear there might be a connection. I have changed my passwords and checked everything else, no problems, which leads me to believe that my account was indeed not compromised, however, there may have been a connection to the above.



Re: Argh spam sent from my email address, hacked? sumon2k7 11/23/10 6:46 PM
I know the technique of regaining a hacked gmail account. I have been using this for couple of months and become successful each time I get hacked!!


[url=http://www.hacked-email.com/]password recovery [/url]
Re: Argh spam sent from my email address, hacked? KeithR 11/23/10 7:02 PM
@sumon2k7, try the Gmail security checklist.  You might save yourself some trouble.
Re: Argh spam sent from my email address, hacked? Khalida.Mahdi 11/24/10 1:28 PM
Well, the same stupid thing happened to me. It sent out an email saying I bought a Macbook Pro for a cheap price and it had a link to the website. I clicked the website to see what it was, and it was a website with electronics, and it was CHINESE! I seriously bet it was them. I changed my password as quickly as possible and sent an apology to all my contacts. Hope you find this useful
Re: Argh spam sent from my email address, hacked? sssnew 12/25/10 9:07 AM

My email was also hacked. I was in gmail , red bar just appeared on top and google said "we think your account was accessed from another country", 

"""If the activity below doesn't look like yours, change your password immediately"""

Access Type = Unknown 
Location =  (IP address) United States (x10vps.com:69.175.6.120) 
Date/Time =  Dec 22 (3 days ago)
------------------
what is the (x10vps.com:69.175.6.120) in U.S.A. ??
please help

Re: Argh spam sent from my email address, hacked? KeithR 12/25/10 2:30 PM
x10vps.com is a "proxy server".  It's used by people from countries where censorship exists and allows them to browse the Internet as if they were located in the USA.  Unfortunately in this case it has been used by someone who wants to hide their identity for criminal purposes.
Re: Argh spam sent from my email address, hacked? momofjkg 1/10/11 7:46 AM
I too was a victim but admittedly it was my fault since I was using the same password on both my gmail accounts.  The person or people who did it not only changed the password, they wiped out all my saved messages and mailboxes and they deleted my contacts.

Fortunately I was able to recover the contacts and able to send everyone a message that it was fraud and a hoax.  Interestingly, not everyone was sent the message:
"Sent: Tue, January 4, 2011 8:14:42 PM
Subject: SAD NEWS!!!

I'm writing this with tears in my eyes, I and my family came down here to London, United Kingdom for a short vacation unfortunately we got mugged at the park of the hotel where we lodge ,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us.
 
We've been to the embassy and the Police here but they're not helping issues at all and our return flight leaves pretty soon from now but we are having problems sorting the hotel bills and the hotel manager won't let us checkout until we settle the bills, We freaked out at the moment.

Marion"

I suspect that I discovered the invasion early enough but several people have contacted me to say they thought it was a hoax since it just didn't sound like me.  Except for all saved messages being gone, I have recovered most everything else.  I certainly have learned a valuable lesson that ease for my memory remembering password it isn't worth it.

One thing I discovered in the Web history was that apparently the guilty one was from Nigeria since he  or they visited a Nigerian University website.  No other info was available but I have received the spam messages in the past from some unknown soliciting money - always automatically put into spam and never opened.  I NEVER open a message from anyone I don't know or open attachments. 

Good luck to everyone with honest and innocent communication in mind using Gmail or any other account - the bad guys are waiting everywhere.
Re: Argh spam sent from my email address, hacked? The C Man ((mobile laureate)elder advisor) 1/10/11 8:04 AM
momo,

Going to suggest you check out http://knol.google.com/k/the-c-man/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7?hd=ns#

Google has now instituted a warning on emails such as this that they may be from a compromised account which was triggered in my emails even though it is from a known safe site.
Re: Argh spam sent from my email address, hacked? sssnew 1/10/11 9:50 AM
Today Google sent me an email (spam) and it says with the red bar "Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information. Learn more"
 
what is this email  ??????
here is the full email  (spam)
-----------------------------------------------------------------------------------------------------------------------------
 
from: Google Help <nor...@google.com>  9:16 PM (1 hour ago)
to: pwnim...@gmail.com
date: Mon Jan 10, 2011 at 9:16 PM
subject: Re: [Gmail Help] Argh spam sent from my email address, hacked?
mailed-by: confucius.bounces.google.com
signed-by: google.com
 
Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information.  Learn more 
momofjkg has posted an answer to the question "Argh spam sent from my email address, hacked?":

I too was a victim but admittedly it was my fault since I was using the same password on both my gmail accounts.  The person or people who did it not only changed the password, they wiped out all my saved messages and mailboxes and they deleted my contacts.
Fortunately I ***************, not everyone was sent the message:

"Sent: Tue, January 4, 2011 8:14:42 PM
Subject: SAD NEWS!!!
I'm
writing *********luckily for us we still have our passports with
us.
 
We've been to ************************ checkout until we settle the bills, We freaked out
at the moment.
Marion"
I suspect *****************************************Gmail or any other account - the bad guys are waiting everywhere.
 
View this question at the Google Help Forum
Unsubscribe from answers to this question
------------------------------------------------------------------------------------------------------------------
 
Please explain this email.
Thanks
Re: Argh spam sent from my email address, hacked? The C Man ((mobile laureate)elder advisor) 1/10/11 9:53 AM
nimal,

Please read my reply which is one above yours.
Re: Argh spam sent from my email address, hacked? MsI53 1/10/11 11:15 AM
Wait a minute. The message that nimal posted appears to be a help forum notification email of the message posted by momo. I don't know why google would flag its own message, but the content is just a repeat of the other one.

nimal, were you previously subscribed to this thread?
Re: Argh spam sent from my email address, hacked? The C Man ((mobile laureate)elder advisor) 1/10/11 11:27 AM
10th December

Re: Argh spam sent from my email address, hacked? MsI53 1/10/11 12:30 PM
10th December? You lost me.
Re: Argh spam sent from my email address, hacked? The C Man ((mobile laureate)elder advisor) 1/10/11 12:46 PM
nimal posted on that date.

Re: Argh spam sent from my email address, hacked? KeithR 1/10/11 1:08 PM
I too got a warning from the message sent by momofjkg, but mine was on a blue background. I thought they came on a red background. I checked the raw text and it looks normal.
Re: Argh spam sent from my email address, hacked? MsI53 1/10/11 3:17 PM
I must be blind. The only previous post I see from nimal is dated 12/25.

But either way, Keith having received the same message, I think it's clear we are not talking about spam but just a notification of a new posting in here.
Re: Argh spam sent from my email address, hacked? KeithR 1/10/11 6:23 PM
Manny read the date wrong or an earlier post.  nimal's previous post shows as 26/12/10 to me and starts:
Re: Argh spam sent from my email address, hacked? djrobin 1/10/11 6:38 PM
My gmail account was also hacked into by someone in Poland... an email was sent to ALL MY CONTACTS with a link to a suspicious .exe file... did a reverse IP lookup and got the following results:

DOMAIN NAME:           darnet.pl
registrant type: organization
nameservers: ns3.netart.pl. [85.128.130.10]
ns2.netart.pl. [85.128.129.10]
ns1.netart.pl. [85.128.128.10]
created: 2004.11.22 11:16:07
last modified: 2010.11.03 09:23:08

no option


REGISTRAR:
NetArt Spolka Akcyjna S.K.A.
ul. Cystersow 20A
31-553 Krakow
Polska/Poland
+48.801 33 22 33
+48.12 297 88 10
+48.12 297 88 08

bi...@nazwa.pl

Re: Argh spam sent from my email address, hacked? sssnew 1/11/11 6:29 AM
Please read my post again, which I posted on 1/10/11. I am not talking about my previous post (12/25/10, "My email was also hacked***************************" ...).
Yesterday (1/10/11) I asked only about a spam which was sent by Google on Jan 10 2011 (it was in my spam box). It is sent by Google (from: Google Help <nor...@google.com>) but Google says "don't click any link in it".

(Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information. Learn more)
I think MsI53 is on the right way. I can't understand this mail.
Please help.
Thanks
Re: Argh spam sent from my email address, hacked? The C Man ((mobile laureate)elder advisor) 1/11/11 6:53 AM
nimal

Sorry for the misunderstanding. The posts regarding dates of previous were in answer to MsI53, as she had queried whether you were previously subscribed to the thread.
Re: Argh spam sent from my email address, hacked? KeithR 1/11/11 12:06 PM
@nimal, we are also all three (C Man, MsI53 and I) in agreement that the message you received was a genuine message from this forum, but that the Gmail warning was a result of new programming that is attempting to protect us from dangerous scams, what we call a "false positive".
Re: Argh spam sent from my email address, hacked? ksmith161 1/11/11 9:16 PM
"
This happened yesterday exactly as TISA P points out. I used my account to send an email through my iPhone last night and I see that the exact same time, a spam message was sent to all my contacts. 

I fear there might be a connection. I have changed my passwords and checked everything else, no problems, which leads me to believe that my account was indeed not compromised, however, there may have been a connection to the above

I had a spam message sent as well (the "randomletters.blogspot.com" link with no subject).

I was wondering if you were using third party sync software to sync your iPhone. I had something set up to sync with the iPhone, but had switched and forgot to shut off that access. I was using nuevasync (not saying that they were at fault), just trying to figure out what happened. I had another one but am trying to recall the name.


Re: Argh spam sent from my email address, hacked? yoast 1/12/11 2:08 AM
djrobin. There is a separate thread on what to do if you have the IP from where an (attempt at) hacking has been observed.
http://www.google.com/support/forum/p/gmail/thread?tid=38569835b18232a9&hl=en  Follow the advice there.
Re: Argh spam sent from my email address, hacked? bkc56 1/12/11 10:53 AM
If you look at all of the evidence, looks like a google problem to me.

No, your password was harvested and your account compromised.  They sent spam, probably modified your vacation responder too.

See the following article about how to re-secure an account that was compromised:  http://knol.google.com/k/the-c-man/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7?pli=1#When_you_reclaim_Your_Account

Deleted contacts can now be restored to any state within the last 30-days:  http://mail.google.com/support/bin/answer.py?hl=en&answer=1069522
Re: Argh spam sent from my email address, hacked? out of office error 1/20/11 6:44 AM
Hi,

I've been unable to turn off my out of office reply. After reading this thread, it seems that my account may have been hacked? I've just changed my password, but I don't know what else to do to stop the out of office response from going off? Please can someone direct me through the procedure I need to follow? 


Re: Argh spam sent from my email address, hacked? JohnW2 1/20/11 9:23 AM
@out of office error -  at the top right-hand corner of your Gmail display, there's a link for Settings.
Click on that.
Select the General tab
Scroll down the page until you see the Out of Office AutoReply section.
Select Out of Office AutoReply off
Don't forget to "Save Changes" at the bottom of that page!
Re: Argh spam sent from my email address, hacked? Sushidragon 1/20/11 10:25 AM
I'm having a similar issue as 'out of office error,' but with my signature. A strange signature full of broken images has been added to all of my outgoing emails. If I try to go turn the signature off, I click 'no signature' and then 'save changes,' but it says that it can't save the changes because the signature is too long. If I do 'select all' in the signature text box (ctrl-A) and then hit 'delete' it still gives me the same issue (I guess it replaces the signature right away?). If I switch to HTML instead of Standard mode I am able to turn off my signature and this issue stops.
Re: Argh spam sent from my email address, hacked? Sushidragon 1/20/11 10:28 AM
Oh, and a few weeks ago my account was hacked by an IP in Australia. I went through the account reclamation steps and thought I had it secured.. I guess not? I also didn't receive a 'suspicious activity' alert, I had to view my access details to see that someone else was accessing the account.
Re: Argh spam sent from my email address, hacked? The C Man ((mobile laureate)elder advisor) 1/20/11 3:58 PM
Please read http://knol.google.com/k/the-c-man/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7?hd=ns#
Re: Argh spam sent from my email address, hacked? hydra.amery 1/29/11 9:36 AM
I just wanted to call Google's attention to the fact that Homerun.com hijacks people's address books (on Gmail, AOL, Yahoo, etc) by sending out fake promises of "Free Movie Tickets". When the recipient logs in, his/her address book is used for spamming with the same method. Google needs to BLOCK access from Homerun.com and take legal action against them -- or better buy the company and fire all the crooks who run it!
Re: Argh spam sent from my email address, hacked? The C Man ((mobile laureate)elder advisor) 1/29/11 9:58 AM
Hydra,

Please post a new question in http://www.google.com/support/forum/p/gmail/label?lid=21c7dfa3270c8374&hl=en and post the url/address for it back to here and I will get it Escalated for you.