Friday, April 23, 2010

Gmail hacked

Last night (between 10pm and 12mn Canberra time) my Gmail account was hacked, and 500 people in my contacts were sent an email with the subject either: +hi+ or Opa or Hello or ~~Hi~~ before Gmail's security kicked in and automatically stopped the spamming. Interestingly, it seems no Gmail users in my contacts received the spam - either in their inboxes or the spam folders. Mostly my work colleagues seem to be the ones receiving and opening them.

As soon as I saw the evidence in my sent folder and bouncing auto replies, I changed my password, and checked my account details. It appears that my Gmail account was accessed and used on a University of Canberra browser IP address, and a Ukraine Mobile IP address while I was at home last night. Stupidly, I left my Windows work computer on, and my Google account signed in last night. A virus scan of my home Ubuntu has found no malicious software, but it might be too soon to tell.

I have sent these IP access details to UC's service desk for their investigation.

News of the hack has so far been covered by Terrence O'Brien at Switched: Hacked Gmail Accounts Hawking Viagra.

So far it seems likely that malicious software installed on users' computers has extracted account information from multiple users. Advice links are on O'Brien's article, but in short:
  1. Change password, reminder question, and secondary email
  2. Consider a different operating system than Windows (My home Ubuntu is unaffected)
  3. Run virus scanning software (although such software may need a few weeks to be updated)
  4. Change password, reminder question and secondary email again.
The Twitter #gmail tag seems to be a good channel for catching updates.

8 comments:

Seth said...

Sorry to hear about that, Leigh. I know it can be really frustrating, even a little violating. I received an e-mail from someone who had their Gmail hacked recently, which makes me wonder if something is going around.

Peter said...

I agree with Seth's sentiments above. Sad to say, hacking is commonplace on the web today and your suggestions about dealing with it, Leigh, make good sense.

Stephan said...

Oh dear, might be time to change my Google password I think :<

Leigh Blackall said...

I'd go as far as to say, use a different operating system Steph. This malware looks to be made for Windows targeting Gmail. I know we don't want to dump Gmail yet, but the Windows operating system is just too vulnerable I think.

Anonymous said...

You might want to check out this link. It seems to be across more than just the Windows OS...

http://www.google.com/support/forum/p/gmail/thread?tid=77127463d8f40cb6&hl=en&start=320

Leigh Blackall said...

Thanks Anonymous. I didn't see a Linux OS on the list.. but it is concerning to think it is possibly the browsers on Mac, Win and I suppose Linux, or the Android..

Thinking it through, my account was accessed from a UC IP address at a time I was not at UC, then a mobile in the Ukraine. I'm pretty sure that Gmail logs IP addresses based on login activity. The UC login at an odd time led me to think it was malware on my UC computer, but a scan by ICTS found nothing, and others in that forum are reporting finding nothing also...

Thanks for the link.. watching that space

saurabh113 said...

Good read. It has become very common that we hear about Gmail accounts being hacked these days. Gmail users have to become more cautious and take care of their accounts. Follow these 6 simple steps on TechChai.com to ensure that your Gmail accounts are not hacked.

Joe said...

This same thing happened to me!! The best part about it is I JUST left my IT Security career after about 5 years to pursue marketing. I'll start taking courses at an Internet Marketing school in a few months. After I saw all of the bounced emails I freaked out. I don't understand the purpose because they didn't go through all of my contacts. They only sent a few messages to random addresses such as an old Hostgator help ticket, a former colleague from 4 years ago, and the AOL autoresponder. Very weird... but like you, I changed all of my passwords and did virus scans and came up with nothing!