Friday, April 23, 2010

Did your Gmail get hacked with a bunch of outbound spam?

First, I'm sorry to hear about this -- as I know it's never a good feeling! The odd thing is, my wife's account was also "hacked" this past weekend. I've been doing some research on this, and apparently a number of other accounts were compromised, as a timely article was published from the UK:

After reading the article I noticed the "Details" link at the bottom of Gmail, which gives some insight on who last logged in to the account. However, it doesn't yet explain HOW the account was compromised, nor does the article provide any insight as to HOW to prevent this - other than referencing Gmail's "make sure you're secure" article. All we can really hope at this time is that Google / Gmail responds with greater security measures - as something is obviously wrong and Gmail doesn't seem to want to admit to anything.

However, I've been attempting to figure out any regularities with the compromised accounts. The article DOES make mention of accounts either being hacked from the mobile side, or that those that access their accounts via mobile might be targeted. Either way, if there's a Gmail hole that was exploited via the mobile side, then it's a problem.

Gmail DOES seem to do a decent job at preventing hackers from cracking passwords, as after about ten attempts to log in to Gmail with an incorrect password they require you to manually enter a confirmation word. This would slow down hackers and/or any scripts written to try and break passwords. HOWEVER, it's never a bad idea to have a STRONG password. I suggest using one that is NOT in the dictionary. Take a word, and then spell it backwards. Add a digit to the front and the end, and include some type of punctuation. For example: 39cisum!62 ... how do you remember it? 3 x 3 is 9, so 39, and cisum is music spelled backwards, add some punctuation and another few digits that mean something to you. Good luck hacking that password!

Also, do you access your Gmail from a mobile browser on your phone? My wife regularly does this, and the article mentions the compromises possibly stemming from mobile Gmail. This MIGHT point to a particular "hole" for hackers to exploit, as I don't access Gmail from a mobile browser; rather, I use my mobile e-mail solution (via POP access) to download email to my cell phone.

I'd be cautious about accessing Gmail from a mobile browser at this point.
