Hi all -- I'm a longtime HN reader/user writing this from a new anonymous account to describe an incident this AM and ask for any tips / tricks. Many thanks in advance for the help.
This morning I woke to find my mobile not connecting to my Gmail account. After trying to log in on my computer, it became clear that my password had been unknowingly changed late last night (~2am) due to activity logged in from a foreign IP address.
I've changed my password and performed a range of other items from the Google security checklist, but am wondering specifically: What can I do using the provided IP to try and determine the origin of the attack?
While it's likely nothing, I am concerned as I have been the target of a number of sophisticated spear-phishing attacks against my work e-mail.
One additional detail: I did log in a few hours beforehand on my computer over an unsecured Wi-Fi network. However, I do have "Always use HTTPS" on in Gmail.
Again, greatly appreciate any advice. Thanks.
Also, I believe to change a password on Google you have to reauth with your current password, which never would have been transmitted in cleartext. Unless you had a MITM attack with one of those compromised certs in the wild, but you've removed your DigiNotar certs, right? It's more likely that your password was guessed or taken from somewhere else. I would change any other accounts which might share that password.
Steps for now: turn on 2 method authentication!! Check your outbox and deleted folders for any shenanigans, although if the attacker knew what they were doing they would have deleted any trace of anything they would have done.