from Hacker News

My Gmail Account Hacked. How do I secure it?

by hhimanshu on 1/29/14, 6:16 AM with 6 comments

This happened with me in first time since I am using GMail (since 2005).

I was in Starbucks using my laptop in the afternoon for an hour.

I didn't notice anything major until I tried log into GMail and GMail notified that my account is disabled for security reasons. I ignored(stupid me!) and reset the password

Meanwhile few days ago GMail service disruption happened and I noticed I am received lot less emails that I used to get(may be 5-10%).

Then I started noticing that people complained that I am not replying to their emails, while I was not even receiving them.

Also, When I am sending emails, I get the message http://imgur.com/5U1nFXM&VrIjeVi&WTe9BIU

30 minutes ago, I accidentally checked my Gmail Trash and OMG! all my email are here. What happened?

One of the email caught my attention saying "Your Google Play Order Cancellation Receipt from Jan 21, 2014". What? This is not me for sure.

http://imgur.com/5U1nFXM&VrIjeVi&WTe9BIU#2

I called Google Play Help Center and made sure that this account is cancelled. Now I am sure that my account is hacked, so I googled to know why all my emails are going to Trash and Google told me to check my filters (https://support.google.com/mail/answer/63601?hl=en). Guess What? Google was right

This person set up the filters to make sure I don't know what he has ordered http://imgur.com/5U1nFXM&VrIjeVi&WTe9BIU#1

I am not sure who this person is except that this person was in the Starbucks since the order time is around the same time I was there.

I have changed my Gmail password but I would like to know what approaches/advices/suggestions people have to secure Gmail or any service that needs password

P.S I am not going to login to any website in Starbucks or public Wi-Fi.

  • by GFischer on 1/29/14, 1:29 PM

    I had my GMail account hijacked once, not a nice experience.

    What I did is turn on 2-factor authentication (same thing as everyone else advocates).

    I did manage to get a log of IPs of who was logging into my computer (see at the bottom right of Gmail, Last Account Activity - Details), went to the computer crimes division of the local police, they were very polite but basically explained they only have resources for really big things (child porn, serious financial problems) and since I had nothing stolen I had no case.

  • by anthony_franco on 1/29/14, 9:15 AM

    As mentioned, you should turn on Google's 2-step authentication.

    Since Gmail uses SSL, I'd find it difficult for an attacker to sniff out your password. Do you share that same password with other non-secure sites? Then if so, be careful of using the same password.

  • by renjith101 on 1/29/14, 6:45 AM

    2-step verification from Google. Login by using both your password and your phone. https://support.google.com/accounts/answer/180744?hl=en

  • by DanInTokyo on 1/31/14, 4:42 PM

    Same as everyone, 2-step verification. You can get the authenticator app for your phone or just get the authentication code by text message. Even if they get your password somehow, unless they've also stolen your phone and you don't have a lock screen the PW is borderline useless.

  • by puranjay on 1/31/14, 4:53 PM

    Please, for the love of all that is good and beautiful, use the 2-step authentication system. It exists for a reason. There's no such thing as 100% un-hackable, but this is as close as you'll get.