GameboyRMH's Journal: Got my Gmail hacked despite ultra-tight security (UPDATED)

So this morning I logged into my Gmail and got a "login from unusual location" warning for a login that happened sometime yesterday. Yesterday I only logged into Gmail from two usual places, no unknown wifi APs or proxies, and here is a login from some US address (ubiquityservers.com):

I advertise my email on Slashdot, making it easy for potentially pissed-off hackers to have a crack at it, and it's secured to stand up to this. It has a very strong password and a recovery question that requires you to hash the original password with some extra characters. IMAP and POP3 access are disabled. 95% of the time I browse with anti-MITM and cert-checking plugins. Needless to say, I don't have malware on any of my computers. So understandably I was stunned and incredulous that this account had been brute-forced, but to be safe I had to reset it. I mashed the keyboard for a long random password and saved it to a couple of computers on the network (important! :-P I had never saved the old password anywhere, so now I have to come up with a new memorable strong password, D'oh!!!), set the Gmail password to it, and updated the recovery password (because changing the recovery password without changing the recovery question would be a very clever way to keep a second shot at access).

All of my personal web accounts are registered to this email, so I'll have to keep an eye on them. Still, I think this must be due to some vulnerability in Gmail; there's just no freaking way that password was brute-forced, especially considering that Gmail has a brute-force limiter.

UPDATE: Found a possible explanation

Someone who knows only my Gmail address (which I advertise freely) could have broken into my account under "scenario A" in the study, and presumably changed the password and recovery challenge if they wished to. Pretty scary.
