

Ask HN: Has your GMail been compromised? - netmau5

Over the last few months I've noticed messages in my gmail saying that my account had been accessed from China. I took the given advice and changed my password, but it kept happening. The last time I used an extremely cryptic password and it appeared that I was in the clear. Three weeks later, another message appeared saying my account had been accessed from China. So maybe it took longer or maybe they just didn't get back around to hacking me for a little while, either way I no longer believe a password is going to protect my inbox.

I'm not an important person. There are less than 300 people on the planet that are even aware of my existence and even less who would remember it if you asked. The only thing even remotely noticeable about me is that my surname, also in my email address, is shared with a famous (in a bad way) world leader.

Where are we at with passwords? Has computing power gotten so cheap that they can brute force their way through any character string? What am I to do as a lowly web developer to protect the users of my own apps if the 20k engineer-strong Google can't stop multiple incursions to a random dude's gmail account?
======
ungerik
The last time I entered Australia customs grabbed my iPhone, took a snapshot
of the memory and logged into my Google Apps Account to find out if I have
been working illegally there.

They asked if I was planning tax evasion because I took Google Doc notes in a
tax-minimization and asset protection seminar.

They went through my private email conversations with family members and
discussed the financial details of my family and who borrowed money from whom.

All with my consent of course. The other option would have been to fly back to
Europe with the next plane available.

It's not always the evil Chinese hackers...

~~~
s3graham
Wow, seriously? That's insane. Are you an Australian citizen?

(I'm also somewhat surprised at the level of technical knowledge on display. I
wouldn't honestly expect that where I live, though I probably should, I
suppose.)

~~~
ungerik
Downloading snapshots of iOS devices is standard around the world. No, I am not
an Australian citizen, that was the problem.

------
bryanh
If these are indeed true accesses (and not just phishing attempts), I would
take a very careful look for malware on your computer. There is no way they
are brute-forcing passwords like "j@zz!t7p=()++" (and Gmail would have long
blocked their failed attempts).

I've never had anything of mine compromised, especially Gmail (at least to my
knowledge). Knocks on wood.

~~~
netmau5
I thought the same. I occasionally access gmail from my mac at home but for
the last 2 months my only access has been over iphone. I've also gone into my
Google accounts access and removed my authorization from all services that I
log into via Google (minus two well trusted places). I'm curious if someone is
picking it up on wifi when I'm at a hotspot.

------
LabSlice
> my email address, is shared with a famous (in a bad way) world leader

Kim Jong Il?

Brute forcing gmail is not really feasible, especially not if you have a
decent password in place. I suspect that they would just put up a captcha and
maybe slow down the login process if you fail too many times.

If your computer is compromised and you keep using the system to either login
or change your password then that password will continue to get compromised.

In many ways you are also best off to reimage your PC and create a completely
new gmail account. If the account was sending too many nasty things then it
may be on various blacklists already, which will just affect your ongoing
usage of it.

------
al_james
Did you use non-SSL gmail over a suspect wifi connection?

My account got hacked a month ago. Loads of spam emails were sent out from my
account, and I had a login from China in the access log.

My password was strong and unique to gmail. My list of most likely attack
vectors they might have exploited to get me are:

* Non-SSL gmail over compromised wifi

* Logging in when travelling on a compromised PC

* There was a story that gmail had experienced a security breach and some passwords had been 'stolen' in early 2010. Not sure of the details.

------
drivebyacct2
I have four accounts. One of my accounts, that I use at nefarious looking
websites, or websites of a nature that I don't feel needs my legitimate email
address, was accessed from a computer in China. I still use the same password
for it everywhere but my Gmail now.

