As soon as I saw the evidence in my sent folder and bouncing auto-replies, I changed my password and checked my account details. It appears that my Gmail account was accessed and used on a University of Canberra browser IP address, and a Ukraine Mobile IP address while I was at home last night. Stupidly, I left my Windows work computer on, and my Google account signed in last night. A virus scan of my home Ubuntu has found no malicious software, but it might be too soon to tell.
I have sent these IP access details to UC's service desk for their investigation.
News of the hack has so far been covered by Terrence O'Brien at Switched: Hacked Gmail Accounts Hawking Viagra.
So far it seems likely that malicious software installed on users' computers has extracted account information from multiple users. Advice links are on O'Brien's article, but in short:
- Change password, reminder question, and secondary email
- Consider a different operating system than Windows (my home Ubuntu is unaffected)
- Run virus scanning software (although such software may need a few weeks to be updated)
- Change password, reminder question and secondary email again