My Gmail and Google Apps accounts were hacked recently, but I was able to establish my identity and Google restored access within three hours. Here are the lessons learned, and tips that might prevent your Gmail and other Google Accounts from getting hacked.
I frequently get "password assistance" emails in my Gmail inbox that have a link to reset the password of my Google Account (see screenshot). Since I don’t initiate such password change requests myself, it’s clear that someone else is trying to hack into my Google account.
I generally ignore such emails as they also say:
If you’ve received this mail in error, it’s likely that another user entered your email address by mistake while trying to reset a password. If you didn’t initiate the request, you don’t need to take any further action and can safely disregard this email.
I got a similar email last night and ignored it as usual. Within five minutes, there was a message on my BlackBerry saying that the device was having trouble fetching emails from my Gmail and Google Apps accounts. Microsoft Outlook had stopped working by then too.
Things were no longer in my control. Someone had managed to change the password of my Gmail account and my Google Account, and the most terrifying part was that the hacker had also gained control over my Google Apps Account, which is linked to labnol.org and other web domains.
When something like this happens, you get that ‘sinking feeling’ because all your private information (email correspondence, documents, bank statements, photographs, etc.), your identity on the social web (Twitter, Facebook, Blogger, etc.) and, most importantly, your online business are no longer in your hands.
I make a living from this blog but if someone else takes control of the site (by changing a couple of passwords and DNS records), the going can get really tough.
How the Google Accounts were hacked and recovered
I use a fairly strong password, so it would be tough for someone to guess that string. And since a password reset request was sent in the first place, the possibility that the password was cracked can be safely ruled out.
I don’t use Gmail from any public terminal (so I am safe from password-stealing keyloggers) and have never clicked on links that may point to a fake Google login page (so no phishing attack either). You cannot associate a "security question" with non-Gmail Google accounts, so the possibility that the "security question was weak" is also ruled out.
My assumption is that since my Gmail account was set as the secondary email address of my Google Apps account, he (or she?) somehow hacked into the Gmail account and from there gained control of my other Google Accounts. This seems probable, but I am not sure.
As soon as I discovered that the accounts were hacked, I posted a message on Twitter, contacted a couple of people at Google and filled in some recovery forms in order to verify ownership. I consider myself lucky because several people went out of their way to help me, and access to all the accounts was finally restored within three hours. The nightmare was over.
Things to do before the hackers strike again!
I won’t ever know who that hacker was except that he left a brief message in my Inbox saying that he didn’t hack my Google account with bad intentions and that he "enjoys exploring the web for vulnerabilities". The note also says that he is in need of urgent money and asks for a specific amount.
Anyway, here are a few important things that I have learned in the process. You might want to implement them at your end as well, though it’s hard to tell whether one can really prevent a determined hacker from stealing your Google accounts.
How to Protect your Gmail & Google Accounts
#1. Log in to your Gmail / Google Account and associate a phone number. This is useful because you’ll then receive an SMS text message whenever someone tries to recover your Google password.
#2. Create a new email address (on say Yahoo! Mail or Gmail itself) and set this as the secondary email address for your existing Gmail and Google Accounts. Check for emails on this new account manually or through a desktop client via POP3 / IMAP but do not enable auto-forward for the new email address as the original purpose will be defeated.
#3. Take a piece of paper and write down the following information about your Google Account. You will need this to verify your identity to Google in case someone else takes over your Google Account and the secondary email address associated with your account.
- The month and year when you created your Gmail / Google Account. You can look at the last page of your Gmail Inbox (or go to Sent Items) to get an approximate idea of the date when you created the account.
- If you created a Gmail account by invitation, write the email address of the person who first sent you that invite for Gmail. Use a search query like "in:all has invited you to open a free Gmail account" to find that invitation email.
- The email addresses of your most frequently emailed contacts (the top 5).
- The names of any custom labels that you may have created in your Gmail account.
- The day/month/year when you started using various other Google services (like AdSense, Orkut, Blogger, etc.) that are associated with the Google account that you are trying to recover. If you’re not certain about some of the dates, provide your closest estimate*.
[*] For Analytics, look at the first date when it started collecting stats for your website(s). For Orkut, look at the last page of your scrapbook. For AdSense, you may take the help of your AdSense account manager.
#4. It goes without saying but do not use the same password for your main Google / Gmail account and your secondary email address.
#5. If you access Gmail and other Google services over a Wi-Fi network, make sure that you always use the secure URLs like https://gmail.com. Go to Gmail settings and set ‘Browser Connection’ to ‘Always use https.’ This might make your Gmail access a bit slower but your account will be more secure.
#6. Once in a while, do refer to that little line in the footer section of your Gmail Inbox that shows the different IP addresses from where your account is being accessed. If you find an unknown IP address, change your Google password immediately. The person who hacked my Gmail accounts configured them with his Hotmail account so he could effectively read all my email communication remotely from his Hotmail inbox without ever logging into my Google account again. I could figure that out only after I saw an IP address from a Microsoft server in my Gmail activity log.
#7. You should also consider copying emails from Gmail to another service (like Yahoo! Mail or Hotmail – it is effortless) so when your Gmail account is compromised, you at least have access to all your previous emails. Or you can configure a desktop email client like Outlook or Thunderbird with your Gmail account (via POP3 or IMAP) and thus you’ll have an automatic offline backup of your Gmail Inbox.
#8. Do a test run. Log-out of all your Gmail / Google Accounts and initiate the password recovery process for each one of them using this form. This will help you make sure that your SMS settings and secondary email addresses are configured correctly.
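The check in #6 can be done by eye, but a small script makes it repeatable. The following is an added example (it is not code from the original post, and Google offers no such script) that reviews constructed sample rows modelled on the Gmail "recent activity" table: it flags any IP outside the networks you recognise and any access type you never use, which is exactly the pattern described in #6, where a POP3 fetch from an unfamiliar server betrayed the Hotmail setup. The trusted network, the expected access types and the sample rows are all assumptions; the IP addresses are RFC 5737 documentation ranges, not real ones.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime

# Constructed sample of "recent activity" rows (access type, IP, time).
# These use documentation IP ranges (RFC 5737), not real addresses or logs.
SAMPLE_ACTIVITY = """\
Browser\t203.0.113.45\t2009-12-17 21:05
Mobile\t203.0.113.45\t2009-12-17 21:40
Browser\t198.51.100.7\t2009-12-17 22:10
POP3\t192.0.2.88\t2009-12-17 22:12
POP3\t192.0.2.88\t2009-12-17 23:12
"""

# Hypothetical: the networks you yourself log in from (home, office, carrier).
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Hypothetical: the ways you actually read your mail. If you never set up a
# POP3/IMAP client, any such row means someone else configured one.
EXPECTED_KINDS = {"Browser", "Mobile"}


@dataclass(frozen=True)
class Access:
    kind: str
    ip: ipaddress.IPv4Address | ipaddress.IPv6Address
    when: datetime


def parse_activity(text: str) -> list[Access]:
    """Parse tab-separated rows into Access records; blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, ip, when = line.split("\t")
        entries.append(Access(kind, ipaddress.ip_address(ip),
                              datetime.strptime(when, "%Y-%m-%d %H:%M")))
    return entries


def review_activity(entries, trusted_networks, expected_kinds):
    """Return (entry, reason) pairs for rows worth a second look.

    A row is flagged when its IP lies outside every trusted network, or when
    its access type is one the owner never uses (for example a POP3 fetch when
    the owner only reads mail in a browser). Both reasons may apply to one row.
    """
    flagged = []
    for e in entries:
        reasons = []
        if not any(e.ip in net for net in trusted_networks):
            reasons.append(f"IP {e.ip} is outside your known networks")
        if e.kind not in expected_kinds:
            reasons.append(f"access type {e.kind} is not one you use")
        if reasons:
            flagged.append((e, "; ".join(reasons)))
    return flagged


if __name__ == "__main__":
    for entry, reason in review_activity(parse_activity(SAMPLE_ACTIVITY),
                                         TRUSTED_NETWORKS, EXPECTED_KINDS):
        print(f"{entry.when:%Y-%m-%d %H:%M}  {entry.kind:<8}"
              f"{str(entry.ip):<16} {reason}")
```

Run as written it prints three rows: a browser login from an address you do not recognise, and two POP3 fetches that are both from an unknown address and of a kind you never configured. A repeated POP3 or IMAP row from one unfamiliar address is the strongest signal here, because it means the mail is being pulled continuously without anyone logging in through the web interface again.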
For Google Apps users
#9. You should always have a public email address on your website that others can use to contact you directly. This public email address will also help people find and connect with you on social networks like Facebook, LinkedIn, etc. However, make sure that you don’t give administrative privileges to this email address in Google Apps, because if someone hijacks this account, he will effectively take over your Google Apps domain. Create a new user in Google Apps as an administrator and never share this username with anyone else.
#10. If you have lost access to your Google Apps dashboard, you’ll have to create a new CNAME record pointing to google.com to verify that you are the actual owner of that web domain. To reset the password for the administrator of your Google Apps domain via your domain hosting company, the URL is:
https://google.com/a/cpanel/xyz.com/VerifyAdminAccountPasswordReset
[*] Replace xyz.com with your own domain address.
Find this article at: http://labnol.org/?p=11799
Reader Comments
Hey Amit,
I see an Airtel IP on the log.
Was that an Indian guy who had hacked it?
And did you talk to him?
Written by Soam on 12.18.09
Gmail got hacked again! A shock!
Written by Satya Prakash on 12.18.09
Wahh.. That was scary. Good that you finally got control back. Thanks much for all the tips.
Written by Technologymadness.com on 12.18.09
That must have been a real nightmare. Do post here if you ever figure out how they hacked into your account in the first place. Maybe if you weren’t using HTTPS, they sniffed the last email (the password reset one from Google) and then followed the link to reset the password?
Just thinking.
Written by Rajesh J Advani on 12.18.09
Hi Amit
Thank you for all this superb advice and I’m glad you regained control as rapidly as you did.
I had no idea that you could register a phone number, now it’s done!
Thank you again for one of the most important posts of the year… should be read by anyone with a gmail account.
Written by App Developer on 12.18.09
Thanks for putting in all this information, sir. It’s really horrifying to know that somebody can possibly take control of what is ours so easily.
Nice to feel that you were promptly rescued.
But thank God that I maintain all the services (AdSense, PayPal, banks & wp-login) with different accounts, and thanks to Digsby & KeePass, I never link any account with another. Maybe earlier it felt stupid to check them all manually, but now I feel happy that I did that.
Anyway, I have bookmarked this page for a similar day in future (but with my fingers crossed, praying that such a day never comes).
Written by Soumen Halder on 12.18.09
Thanks for sharing this. I hope I can protect my account better in the future. No wonder, experience is the best teacher.
Written by Faisal on 12.18.09
Ohh… This is scary. Hope none of your critical information is compromised.
Written by Vinod on 12.18.09
Happy to know that you restored your account but the event is scary, particularly to those having a lot of vital information online attached to email IDs.
One correction Amit – You have to provide another email address as the secondary email, and not Gmail. Google won’t accept Gmail.
Thanks much for the info, much appreciated!
Written by Mani Karthik on 12.18.09
Where can I find all the information you mentioned in step 3?
Written by YT on 12.18.09
Glad that you got your account back Amit.
The points which you have mentioned are really valuable for all GMail users. Thanks!
Written by Ramanujam on 12.18.09
Hi Amit,
That was scary. Thank goodness you managed to recover your email. How much did you give that dude? What did Google say / comment?
I normally change my password randomly throughout the year. BTW, how do we know when our Gmail account was created if – like me – we have deleted all our old emails?
Written by calvin on 12.18.09
Amit,
Good to hear that you got access back.
I think some of your tips could backfire though.
The easiest password hacking is social engineering. Keeping that in mind, the most vulnerable part of password security is the “recovery process”. So here are my tips:
DO not reuse your GMAIL password anywhere else EVER.
DO not use any meaningful password recovery question or answer. Chances are if you forget your Gmail password because of amnesia, you probably will forget your secret answer too. Secondly, any hacker with a good IQ will immediately change the recovery qn and answer, so it is useless against a good hacker. The only instance a recovery qn is useful is if you routinely change your password and you have forgotten your password. I have not seen any scientific evidence that routine change of password decreases the chance of hacking.
DO not use a recovery phone number. Imagine this: someone stole your phone, then figures out your email address. The next thing they can do is go to the Google password recovery option and set a recovery request to send one via your phone SMS. So unless you think that you are never going to lose your phone, do not do this.
Do not use recovery emails to your work or any other less secure email address. Again, it’s easy to hack your work email and then make a recovery request for your Gmail password to that work email. Even if you make a new Gmail account and set that as the secondary email address, its use is very doubtful, as the first thing a good hacker will do is update the recovery email.
Written by Sam on 12.18.09
Good to hear that you got your google accounts back.
Written by Joel on 12.18.09
Useful information, so thank you for that. But there is a big issue here, and it is difficult to know how to proceed. Even if you knew the details of how you were hacked, you would not want to disclose them. But others with Google Apps accounts need to be able to do a risk assessment: is it reasonably safe to risk your data with Google? I suspect Google will eventually have to be more proactive in communicating about security.
Written by Sam Denby on 12.18.09
is there any way to get on-line the answers to #3? I don’t remember some of them.
Written by AC on 12.18.09
congrats to you for coming out of this fateful incident.
Written by umang on 12.18.09
I’m a bit ‘tech-handicapped’ when it comes to preventing these things because I have no idea how they could happen in the first place. It’s made me shake my head at how Google is connected to absolutely everything.
Your article is very helpful and I’ll be following your advice. I’m glad Google’s recovery services aren’t that complicated in case it ever does happen.
Written by Vanessa on 12.18.09
Gmail, just like Yahoo Mail, sucks on security measures. I had tried informing Google about it, but even after 6 months, it’s all the same. If someone from Google contacts me, I’m willing to share the vulnerabilities. (But I know they just won’t do it.)
Written by Taranfx on 12.18.09
Some time back I thought about blogging on this subject – trying to social engineer your own email accounts and see how secure your account info is on the web. But being a security pro, I decided not to do it as it would enable a series of such attacks from many.
Sad to hear that your account was compromised and good that you were able to recover it. You make valuable points on writing down that supplementary info.
Written by prasanna on 12.18.09
hmm..
I can feel the cold wave going down my spine..
Neither do I know anyone at Google, nor can I remember any of those points, like when I created my Gmail or who invited me and such stuff..
So, if it would have been mine, then I would have been dead for sure :(..
Written by Choto Cheeta on 12.18.09
A very helpful and clearly written column. Thank you for writing this!
Written by Manuel “Moe” G. on 12.18.09
Hello Amit! The same incident happened with me 2 months ago. When my account was out of my control, I filled in the same recovery form which you have linked above. I could collect all the information related to my Google account by searching all the details from my other accounts. Finally, within some minutes of filling in the form I got the mail saying “our investigation completed and you can reset your password from the following link.” After that I created another account just devoted to the recovery of the Google account. All the information required for the Google account recovery is safe in that account.
Written by Devendra Kumar Gupta on 12.18.09
I don’t think anyone could hack you by phishing. Maybe there is a keylogger in your system. I advise you to reinstall system files just in case someone has a keylogger in your system.
Written by Vinayendra on 12.18.09
Unfortunately Google has many business practices which it doesn’t publish. I had my email account blocked from sending any email for at least a day after I tried to send an email with a Google form to 8 colleagues. Their guidelines don’t make any mention of this few recipients, and it hardly qualifies as bulk email. Google’s halo is starting to slip from where I stand. They need to be crystal clear about email abuse policies and password/account recovery procedures as a matter of course. Google, get your act together!
Written by Rob Butler on 12.18.09
I recently had my Google email hacked. In desperation, I filled out the form in a hurry a few times and it looks like it got frozen now, since every time I fill out the “Form”, I almost immediately get an email bounce saying that the account cannot be re-activated. Is there anyone at Google that I can talk to, given the fact that I’m an “ordinary” person and not Amit?
Written by sk on 12.18.09
I had the same experience just in the last two weeks. Someone changed my Gmail password, which kept me from accessing my Google Voice, Google Wave and everything else I had. I tried that form which asks you when you began using various services about 200 times before they (a bot) were able to confirm my identity and give me back my accounts.
The person that hacked my account used my contact list to send out a “stranded traveler” email, and I discovered I’d been hacked because I started getting phone calls asking me why I was in London, which of course I wasn’t.
The really frustrating thing is that even after notifying Google that my account had been hijacked it was allowed to remain active so the bad guy could continue his scam. I too wish I knew where one would go to find out all of the answers that they ask and that are listed by the author so if it happens again I’d have an easier time getting it back.
Thanks
Written by Ron on 12.18.09
Sorry to hear about this. Hope this shows that you can’t rely on reputation as a barrier to hackers. Good thing I don’t rely on Google for everything.
Written by Quikboy on 12.18.09
Time to change the password for everything that is connected to your gmail account such as Domain registrations, affiliate programs etc.
Written by Andy Beard on 12.18.09
I experienced the same situation back in Feb early this year. It was the time I was starting as a full-time freelancer. That night, 7pm, I could not access my Google Reader. I kept getting redirected back to the login page, and my password was always rejected. I could not log in to GTalk in Pidgin or Gmail in Thunderbird.
I experienced the ‘sinking feeling’, but I managed to find the password recovery page in Google. Fortunately, all my email is in my Thunderbird, fetched using POP, so I could fill in the date I got my Gmail account, recently used contacts, labels, and other vital information.
I got control of my account again after about 2 hours. The attacker didn’t leave anything. I checked the filters for any redirection rules, but couldn’t find one. Have you checked your filter rules?
I’m lucky, you’re lucky, I hope all of us are lucky if this unfortunate situation happens again. I hope Google fixes their vulnerabilities, if there are any. Keep your account safe.
Another story: link
Written by Donny Kurnia on 12.18.09
They are online services, it will be freaking hard – FREAKING HARD – to figure out when I signed up for which one. I register monthly on a new site. Gmail, Apps, etc. is just one of those. Good tips, and I will start working on improving my security even further. Scary to realize once again how much you lose when you get so much convenience through the web. I am in the same boat. Doing online stuff daily and basically using Gmail and Apps for that. ” Can someone please mirror the internet as a snapshot so I can ‘rollback’ to my backup from yesterday? ” lol .. if only.
Written by Floris on 12.18.09
I am now locked in battle with Google to get my account back. Did you do anything different from normal? I have filled out the form about 6 times by now with no success. I called their offices. I sent them faxes. I am filling out every form I can. Any info would be welcome.
Written by Chris on 12.18.09
I got my first ever password crack attempt yesterday on December 15th. They don’t SEEM to have succeeded.
I’d feel better if we knew how you were hacked.
Written by John Gordon on 12.18.09
I understand your feeling, I lost my Gmail and other sites last year and still have not got it back, a bummer I know!
Written by mo on 12.18.09
I have the same question as Mani and Sam… Where can we obtain the info for #3???
Written by Gregorio Espadas on 12.18.09
Tell the guy to get a job at Google!
Written by Danut on 12.18.09
Amit I created my GMAIL account almost 6 years ago, so I don’t remember the month year when the account was created, nor the email address of the guy who sent me the invite, and not even the dates when I started using other Google services.
Is there some way of finding these out?
Written by Manu on 12.18.09
Dear Amit,
Where can we get information on the month and year of opening the email account? I searched Google Help, the forum and web history but found no clue. If that is such an important piece of information, Google should warn everyone to store that data when it opens the mail account.
rkrao
Written by rkrao on 12.18.09
Whoa.. that’s scary… I get those pwd requests ALL the time to various accts of mine.. yikes.
MUCH MUCH thanks for this reminder post!!
Written by QuasiPreneur on 12.18.09
I second the question as to where I can find the answers to #3. Can I find them? I definitely don’t remember who invited me, I got my invite from a random invite sharing list I think!
Written by Hel on 12.18.09
My blog got hacked recently and all the files were all gone. Thanks for the tip Amit.
Written by ShueQry on 12.18.09
Crazy shit!
Dude, I’m glad you recovered, and thanks a ton for posting this. Google engineers have awed us so much with their genius and it’s tempting to assume that they’re infallible. This post is a wake-up call. THANK YOU!
Written by Sandeep on 12.18.09
Hey Amit, happy to know that you got control of your account, and thanks very much for this post explaining what to do and what not to do if faced with such an issue. All the best.
Written by prashanth on 12.18.09
I recommend having a “secure” account in your domain that is only used for administration, with an additional “secure” Gmail account that is only used for things like password recovery of administrator privileges for your domain. I do not recommend having your ordinary Google Apps account that you log into regularly be used for administrator privileges. This way, getting higher privileges in your domain requires breaking an infrequently-used (and presumably more secure) account.
Written by Frank Tobin on 12.18.09
My password is the name of the doctor’s wife who treats the pug which my grandmother’s neighbour Mr. Chadda owns! The prefix to that is the date on which the pug was born (essentially not ALL CAPS!!). Now guess that… :P lolzz
nice write-up sir :)
Written by Gaurav on 12.19.09
This is great information Amit, thanks for putting it together and posting it. My websites got hacked a while back and my host’s security guy said they might have come in through my gmail account. There was no evidence that my gmail account had been hacked, but I changed the password anyway.
It’s great to know all the details you need in order to verify your gmail account is yours. I wouldn’t have the first clue about most of those, so I’ll be going through all the steps you detail tomorrow morning!
Glad it all worked out well for you in the end, could have been much worse! I’m glad it wasn’t :-)
Written by Donna Miller on 12.19.09
Best timing of posting this article ever. I recently got 2 mails from Blizzard since someone seems to be trying to reset my WoW account password. I was getting scared since I also pumped money into the game and it now could be lost.
Thanks for the tips, they also work a bit for my problem.
Written by Eli Prenten on 12.19.09
No commercial dot.com is safe. There is always someone reading your email. That is why they were the employer; their employees were adding junk email and free ads??????
This is not free. Many in the third world have time to kill. IT can be fun and learning, but it can also lock us into slavery.
They constantly call us to the machine.. and we become out of control.
Written by Esther on 12.19.09
If you use a premium Google Apps account then there is a PIN which you can use to authorize yourself when you call the call center.
Written by Thejesh GN on 12.19.09
I also faced the same problem. On 12th December my site also got hacked by some people called hock.. but within 4 hours Google and godaddy.com helped me recover my site and again my site is under my control….
Written by ravindra on 12.19.09
Thanks. You made me look and I realized my backup e-mail account was one that was closed several years ago. I guess I would have never been able to retrieve my password!
Written by Denzel on 12.19.09
Thanks a lot, I definitely learned a lot of things from your experience.
Written by Boni on 12.19.09
Yea mine was hacked yesterday as well. I wish I had this information before. I can’t seem to convince gmail that I am me. I have had the account so long I don’t remember when it was created. Live and learn.
Written by Rich Steidl on 12.19.09
You cannot provide Gmail address as secondary address of your gmail account. You can not associate a Gmail address with your Google Account.
Written by Vyas on 12.19.09
Wow, Amit, thank you for sharing all this information on how to recover things. Sorry you got hacked, man. This was a great write-up and much appreciated. I’m glad I subscribe to your RSS feed!
Written by Lou on 12.19.09
I wonder how you got hold of Google. If this happened to me I’d be stuck at step one – how to contact a real person at Google.
Written by Dave required! on 12.19.09
Hi Amit, it’s a bit shocking to me rather than scary. Mostly things go wrong when one is not security conscious or takes security lightly, but this can’t be the case with you, and still you got hacked. Not everyone is as lucky as you to get things back, that too within 3 hrs.
Nice information if something goes wrong… I just changed a couple of things.
Written by hexx on 12.19.09
I felt happy to read that you have restored your account. Thanks for providing simple guidelines about how to save Gmail accounts from hackers.
We all love Google, but Google vulnerabilities are still being used by hackers. How sad!
Written by Prof. Vinod Kumar on 12.20.09
Sorry to hear what happened to you, happy to hear you got it sorted relatively promptly.
I would recommend enforcing https: in Gmail not just over WiFi, but anywhere. One day you will check your email at an airport, library or other public place and forget to use https.
It is easy to set up the NoScript Firefox plugin to replace all Google Docs URLs with https://docs etc.
See under noscript/options/Advanced/https
Be careful and hope it never happens to you.
Written by yoast on 12.20.09
I got my password hacked too… But I was able to recover it with the help of Google…. I found that the cause was a Firefox plugin (not much sure about it) coz all the passwords which I saved in Firefox have been compromised… maybe someone may have used a key logger and saved all my passwords to my web server and then sent the password details to some Turkey server… did a trace route and found it. I love Google and I have been using it for a long time. I am not sure how my firewall was also compromised.
Written by vijay on 12.20.09
Hmm,
Maybe someone targeted you using drive-by download malware (maybe a 0day PDF exploit – no patch yet).
If someone hacked your website, they can gain access to your Google Apps account too, by uploading an HTML verification file. There are plenty of ways.
BTW, which OS do you use?
Written by Atul Agarwal on 12.20.09
Hi,
This mail clearly indicates that you cannot – I AM REPEATING AGAIN ” YOU CANNOT TRUST FREE SERVICES FOR PROFESSIONAL MAILING OF YOUR ORGANIZATION”. I’VE HEARD THAT EVERY MAIL ON GOOGLE IS READ IN ORDER TO SERVE ADSENSE ADS…
Just check out the right side of all your messages and you will find the ads will be as per the contents of your mails..
In any other situation people would have contacted support and got a resolution in a jiffy…
SO THE LESSON LEARNED HERE IS ” USE SERVICES WITH SUPPORT FOR YOUR LIFELINE MAILING NEEDS…”
Written by Amit on 12.20.09
I would like to see the same legal penalty imposed for hackers as for those who break into your physical property. After all, your private information is in your email account, possibly even banking info and more, so it’s just as much an invasion of privacy and property.
Great article Amit: truly useful.
Written by Patricia Skinner on 12.21.09
Hi,
The selection of an email service and a provider depends on many factors.
A small charity that refurbishes PCs for export to the Third World will behave differently than a legal firm that cannot afford to lose reputation or not show up in court with appropriate documents, for example.
Google mail can be free or paid for (if you want the extra services etc.) and so can Google-apps as a whole, as opposed to free Google-Docs.
A simple risk-analysis and weighing of cost and benefits can help anyone decide what is best for their circumstances.
imho Google are certainly an option for hosted or in-house mail-hosting. As is the competition.
Written by yoast on 12.21.09
wow…so scary…thanks for the tips…
Written by sindarela on 12.21.09
Wow, I’m so relieved you regained control of your account but this is frightening. These days I spend much more time protecting my accounts and trying to keep up with security vulnerabilities. I really appreciate you sharing your experience and providing tips. I am doing some of the things you listed but not all. Thank you so much, I’m only sorry that you had to endure this personally for us to become wiser about protecting our web data.
Written by Karen Swim on 12.22.09
Thanks for the tips!! I just set my mobile phone number. Especially when you make a living off of blogging, that could really be scary!
Written by Ian Macalinao on 12.23.09