

My Gmail account got hacked. Google won't help. I need your advice. - codingfounder

Hi, someone is sending spam from my gmail address to my contacts.

I found out yesterday when a friend texted me saying he was getting spam from my address.

I logged into my account and found some failed delivery messages of emails I'd never sent myself.

There is no trace of sent emails left in the Sent Mail folder.

I also can't see any suspicious login activity in my gmail login history at the time the spam was sent or any other time.

The thing that's worrying is that they got hold of my contacts. It was an account I was not using directly any more, so I have closed that account now.

I have 2-factor auth enabled on my other accounts and have even changed all the passwords again.

I have reported twice to Google, but haven't heard back anything yet.

Edited to add:

I have looked at the original email message and the header does suggest it came from google. I reported the Message ID to google along with the full email message.

I also suspected it may be some app or service that I gave access to my contacts to, but I didn't see any in my app access list.

That's why I'm turning to you guys to ask if any of you've been in a similar situation, how do I secure my accounts, and trace down the cause of this particular incident?

Thanks
======
lazloth
See @ [http://nakedsecurity.sophos.com/2011/06/02/how-to-stop-your-...](http://nakedsecurity.sophos.com/2011/06/02/how-to-stop-your-gmail-account-being-hacked/)

Bullet list includes:

Account Security:
- Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
- Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and recovery e-mail address]

Potential Spam:
- Settings -> General -> Signature [make sure nothing has been added]
- Settings -> General -> Vacation Responder [make sure it's disabled and empty]

E-mail Theft:
- Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
- Settings -> Filters [no filters that forward or delete e-mail]
- Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
- Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
- Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]

Additional Information:
- Keeping account secure: [https://mail.google.com/support/bin/answer.py?hl=en&answ...](https://mail.google.com/support/bin/answer.py?hl=en&answer=46526)
- Protecting your account: [https://mail.google.com/support/bin/answer.py?hl=en&answ...](https://mail.google.com/support/bin/answer.py?hl=en&answer=29407)
- More account security info: <http://www.google.com/help/security/>
- If your account is compromised: [http://mail.google.com/support/bin/answer.py?hl=en&answe...](http://mail.google.com/support/bin/answer.py?hl=en&answer=50270)
- Someone using your address: [http://mail.google.com/support/bin/answer.py?hl=en&answe...](http://mail.google.com/support/bin/answer.py?hl=en&answer=50200)
- Google Employee comments: [http://www.google.com/support/forum/p/gmail/thread?tid=560d5...](http://www.google.com/support/forum/p/gmail/thread?tid=560d53dee40be5e6&hl=en&start=7010)

~~~
codingfounder
Thanks lazloth. I've already read all of those threads and taken those
measures to protect my account in the future, almost all of which I was
already doing before my account got hacked.

I only turned to HN because none of this helped me track down the cause of the
breach in the first place. But I appreciate your help.

------
thebeefytaco
Click the Details link next to the Last account activity line at the bottom of
any Gmail page.

That will give you a list of IPs signing into your account.

I get a lot of those failed delivery messages though because I have my own
domain via google apps. Someone scraped my mail domain and fakes it in the
headers, but I get the actual replies because I have it set so all addresses
on the domain go to me.

~~~
codingfounder
As I noted in my post, I have already looked at the login activity list, and
there's nothing other than my own IPs and sessions.

I have a similar domain via google apps setting that you have. I just don't
understand how they got hold of my contacts, and don't know what I can do to
prevent them from spamming my contacts again.

~~~
axelfreeman
Please check your PC. Are your OS, browser and browser plugins up to date? Is
there a browser add-on you haven't installed? Make a full virus scan.

------
bdfh42
How do you know "they" are using your account rather than just using your
email address as a "from"? That used to be the most common way of trying to
get SPAM past people's simpler filters.

Might be worth checking what would happen if such an email was rejected from
one of those email servers that bothers to send a response back - could
explain it all.

~~~
fiendsan
Yeah, most likely someone got a hold of your address book and is just spamming
your friends; unfortunately they don't need to hack your gmail to do that (there
are tons of ways of getting your address book).

I would say to check the header of your spam e-mail in your friend's mailbox
and see where the e-mail came from. If it was from google you might have some
issue (maybe you gave some app or service access to your gmail, or have
pop/imap enabled); if it's not from gmail then don't stress about it, sooner or
later the spam filters will pick up that it's not from you ^_^ .oO( yeah, don't
hold your breath on google helping you on this, they really don't have any
support! )

~~~
codingfounder
The header does suggest it came from google.

I also suspected it may be some app or service that I gave access to my
contacts to, but I didn't see any in my app access list.

How does one get hold of the address book without hacking into the account or
via a third party app that has access?

~~~
fjarlq
Post the headers (after scratching out the email usernames)... there may be
clues lurking.

~~~
codingfounder
I'm trying not to leak any more personal info, so I'm not sure which parts of
the message I can post publicly.
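
The header check discussed in this thread (forged "From" versus mail that really left the provider) and the advice to mask usernames before posting headers, as an added example that is not part of the original discussion. The sample messages, hostnames, IPs and the function names `triage` and `redact` are constructed for illustration; the domain comparison is a strict match, a simplification of DMARC alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed template; every host, IP and address here is made up.
SAMPLE = """\
Authentication-Results: mx.recipient.example;
\tspf={spf} smtp.mailfrom=victim@gmail.com;
\tdkim={dkim} header.d={d}
Received: from {host} ({host} [{ip}])
\tby mx.recipient.example with ESMTP; Mon, 6 Jun 2011 10:00:01 +0000
From: Victim <victim@gmail.com>
To: friend@recipient.example
Subject: hello

body
"""
FORGED = SAMPLE.format(spf="softfail", dkim="none", d="-",
                       host="relay.unrelated.example", ip="203.0.113.45")
GENUINE = SAMPLE.format(spf="pass", dkim="pass", d="gmail.com",
                        host="mail-out.google.com", ip="192.0.2.10")

def triage(raw, trusted_authserv):
    """Classify one raw message using only the Authentication-Results
    header stamped by our own receiving server (others can be forged)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    res = {}
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, rest = ar.partition(";")
        if authserv.split()[:1] != [trusted_authserv]:
            continue  # stamped by another host, possibly the sender
        res.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest))
        d = re.search(r"header\.d=([\w.-]+)", rest)
        res["dkim_domain"] = d.group(1).lower() if d else ""
    # Received headers are prepended per hop, so the last is the earliest.
    hops = msg.get_all("Received", [])
    first_hop = " ".join(hops[-1].split()) if hops else ""
    if not res:
        verdict = "no-trusted-results"
    # Strict domain match; DMARC relaxed alignment is not modelled here.
    elif res.get("dkim") == "pass" and res["dkim_domain"] == from_domain:
        verdict = "signed-by-from-domain"
    else:
        verdict = "from-not-authenticated"  # consistent with a forged From
    return verdict, first_hop

def redact(raw):
    """Mask address local parts before sharing headers publicly."""
    return re.sub(r"[\w.+-]+(?=@)", "REDACTED", raw)
```

A "signed-by-from-domain" verdict means the message passed through the provider's outbound system, so account, app or POP/IMAP access is worth investigating; "from-not-authenticated" fits the forged-sender explanation.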

