My Gmail was hacked and what to do next time…

December 31, 2008

Two nights ago, while merrily enjoying some two buck chuck and responding to emails, I got an email saying my personal server password reset happened. Strange. And then 5 minutes later I was kicked out of my Gmail. Weird. I tried logging back in. Nothing. Fuck. Wtf is going on. Am I hacked? Yup. Shit! My email was compromised. Mental note: I have so many things I need to respond to, sensitive info, love letters, death threats and just other things I really want to keep saved.

Shit. I saw that email about my hosting pw reset. I went to my hosting provider and tried to change my pw and start backing up my dbs and files. Okay, whew. If you ever wondered if someone can hack your email, the answer is yes. Now back to my email problem…

What to do when your gmail is hacked

1- If they have NOT changed your pw (they changed mine), go to your Google account and change your pw to lock them out. Google Accounts login
2- Okay, didn’t work? Try to reset your password at the Gmail password reset page. I heard this may take up to 24 hours to respond to. 🙁 But you want your email now!!!
3- Still out? Go to the Gmail recovery form. This is actually how I got my email back. It took around 30 minutes for them to send me the email reset.

Unfortunately, they still had the pw to my hosting server and changed every one of my personal websites to the image above. Fuck!

Prevention:

a) At this point please make sure you have a backup email in your Google accounts file; this is where they email the password recovery info to. I used a fake email initially to register my Gmail, so from now on I have a real backup email in there.
b) Make backups of your dbs and files from your personal servers right now. It saves you the headache. My other sites had files deleted, so now I have to go to Google search and use cache links to try and save them.
c) On Gmail, I created another account and then set up a filter so every single piece of email I receive is forwarded to that account.
d) Have different passwords. I know you know this but I use the same password on so many things. Now I don’t.
e) Update WordPress. These guys put in some backdoor files (pol.php, aa.php, etc… they can name them whatever they want) in really hidden folders so they could access my sites anytime they want. Make sure to check for this and delete them if you find them.
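
One way to run the check in (e), as an added example that is not from the original post: a POSIX shell function that lists PHP files sitting in the upload directory, inside hidden directories, changed recently, or evaluating decoded data. The function name `scan_wp`, the 7-day default and the stock `wp-content/uploads` layout are assumptions.

```sh
#!/bin/sh
# Added example: flag PHP files worth a manual look in a WordPress tree.
# A hit is a lead to review, not proof of compromise.
#
# scan_wp ROOT [DAYS]
#   ROOT  WordPress install directory (assumes the stock wp-content layout)
#   DAYS  report PHP files modified within this many days (default 7)
# Prints one "reason<TAB>path" line per finding, paths relative to ROOT.
scan_wp() (
    days=${2:-7}
    cd "$1" || exit 1

    # 1. PHP under the media upload directory, which normally holds no code.
    if [ -d ./wp-content/uploads ]; then
        find ./wp-content/uploads -type f -name '*.php' \
            -exec printf 'php-in-uploads\t%s\n' {} \;
    fi

    # 2. PHP inside hidden (dot) directories anywhere in the tree.
    find . -type f -name '*.php' -path '*/.*/*' \
        -exec printf 'php-in-hidden-dir\t%s\n' {} \;

    # 3. PHP changed recently; compare against your own last deploy or update.
    find . -type f -name '*.php' -mtime "-$days" \
        -exec printf 'recently-modified\t%s\n' {} \;

    # 4. File names are arbitrary, so also look at content: decoding a blob
    #    and passing it straight to eval() is rare in legitimate code.
    find . -type f -name '*.php' -exec grep -l -E \
        'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate)' {} + |
    while IFS= read -r f; do
        printf 'obfuscated-eval\t%s\n' "$f"
    done
)

# Run as: sh scan_wp.sh /path/to/wordpress 14
if [ "$#" -gt 0 ]; then
    scan_wp "$@"
fi
```

Review each reported file before deleting it, and restore from a known-good backup where one exists, since some plugins legitimately place PHP in these locations.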

I hope this helps and saves you the frustration and anger that I faced. Any other ideas or similar stories?


21 responses to “My Gmail was hacked and what to do next time…”

  1. Chris

    While this was happening, it occurred to me: what would happen if someone stole a site (like this one), updated the page with malware, stole the twitter/facebook/whatever password, and asked the victim’s followers to check out the updates to the page? Besides widespread bad rep and ownage, it would be ugly. I’ve updated all my passwords for the new year!

  2. Paul Stamatiou

    Glad you were able to get everything back under control. My gmail was compromised a few weeks ago (not my primary account though, so it didn’t have anything important) but they managed to send phishing emails to 200 ppl. Fortunately they didn’t have real access to my account but used some vulnerability in Gmail’s SMTP servers, which is hopefully patched now.

    happy 09 and when are we going to chill again? find a reason to visit ATL.

  3. noah

    paul,

    i need to get out to atl!! crazy about your gmail too. just saw my buddy johnross yesterday.

    chris,

    that would suck. they did change the index page on every one of my sites…i think they added something to okdork that i have not found since the site takes 18 years to load…

  4. Jason

    After being hacked last year, I had an idea. Similar to Adaware for personal PCs that search your computer for bad stuff, it would be cool to start an open source project that was web based and a user could install it on their server/website account. It could scan and look for known hacked code or vulnerabilities. It could also let you know if any other open source software you have installed (WordPress, Joomla, etc.) needed to be updated etc. to make sure you stayed on top of it.

    If I had more time I’d do it. Seems like an interesting idea. Hacking sucks!

  5. evl

    That sucks. I am busy migrating from gmail because it’s so messed up.

    You should try this plugin http://ocaoimh.ie/exploit-scanner/

    I’ve used it and it seemed to work.
    Another great thing that works is cpanel password generator.

    But ultimately what works the best for me is paper. I choose passwords and write them down in a book where people can’t get to it.

    Except of course if they get the book.

  6. cleaning business

    I keep an encrypted log of all of my logins and passwords. I do not use the ‘remember my email and password’ function. All of my passwords are gibberish like “w4re5nhh7”. I change them every 6 months. I back up everything with an automated 3rd party program that backs up to multiple sources, each a different type of storage.

    It only takes a couple of hours to set all of that up.

  7. Stan

    Sad to hear you got hacked.

    I have hotmail and I was looking the other day and I couldn’t see it but is there a way where you can download all your emails to a file on your computer?

    I’m scared that either through hackers, or through a fault with hotmail I could lose all my emails.

    Cheers,
    Stan

  8. Kelly Rusk

    I feel for you! My Gmail was hacked about two weeks ago, and a terrible spam message was sent to me that went to my entire contact list (i.e. everyone I’ve emailed in the last 5 years)

    Another precautionary step–routinely delete people from your contact list who you have no intention of contacting again. (i.e. people you sent job applications to, old colleagues/clients you don’t want to keep in touch with) I know those close to me know that the email was NOT sent from me, but it kills me that some old contacts might think I’m now in the business of spamming (especially embarrassing because I used to work in the permission-based email marketing industry)

    And also-back up the contact list you want, right after it happened my entire contact list was deleted!

  9. ranjan

    i got mine hacked tonight. and i filled up the forms like 4 hours ago, and still haven’t received anything. weird question asked and i couldn’t answer all of them, dates especially.

  10. John

    My gmail was hacked recently too, they sent an email to all contacts that I have ever contacted from the account… Including my own cell phone. So I got this random txt message email while I was sleeping, and woke up to figure out what had happened. It was one of those “Help me cash this check and I will split the money with you” type emails…

  11. KC

    My gmail was hacked recently – total nightmare. Hacker phished my password and emailed every contact (hundreds). His angle was sending a distressed e-mail (posing as me) to all my contacts informing them I was traveling overseas, had been robbed at gun point of everything but my passport with a flight leaving in 3 hrs. End result was one of my friends got scammed out of $1k via a Western Union wire. I felt sick. I realize that might seem incredible, but you’d be surprised at how persuasive some of these hacks are. The hacker was crafty and did his homework. He lured the attention of about 20 of my contacts by utilizing personal information gathered from my emails (specifically referencing info only I or my contacts would know about me and them) in order to bolster credibility. Lo and behold, someone physically walked into a Western Union facility overseas with a photo I.D. with my name and picked up $1k USD. Amazing, right?

    I’ll give some other helpful suggestions about recovering your Gmail account if it’s compromised…

    1. Go to http://www.gmail.com homepage, but don’t sign in. Just click the html link “Can’t access your account?” below the sign-in tab.

    2. Select “my account has been compromised”

    3. then click on the “account recovery form” link

    My advice – simply print that form out and fill it in by hand with a pen the best you can and save it for a rainy day should your account ever be compromised. Fold it up and stick it away somewhere. You’ll thank yourself later because Google throws the kitchen sink at you w/ regard to questions about your account on that form. Make it easy on yourself and write it all out now for your own reference.

    I had used my compromised gmail account for 5 years. It was difficult for me to remember some of the information required on the account recovery form – specifically the creation date (month/year) the account was created; the person who initially sent me the gmail invite, etc. It took me about 3 days and 5 unsuccessful attempts to recover my account until I was finally able to piece it all together.

    What baffled me is that my password was strong – an 8 character password mixed with letters, numbers, symbols and case sensitive. I have no idea how they phished it. Maybe it was a keylogger virus. I don’t know. My main fear was that perhaps my entire PC files / folders were compromised and vulnerable.

    Once I was able to retrieve the account, I was able to get in there and appraise the damage. By that time he had already set up forwarding on my account to an operamail account, deleted all my contacts and continued to email my contacts with similar scams from operamail.

    Not fun.

  12. Horror Stories

    My personal Gmail was hacked one time. The hacker sent out a simple spam email to everyone on my contact list, so it wasn’t too bad. I just changed all my passwords and everything has been fine since. I guess I was lucky.

  13. Vaibhav Kanwal

    Hi! I think most of the hacking being done is not the actual hacking but in fact Social Engineering or Phishing. People fall prey and end up losing their username/passwords. This can not be termed as hacking. The only way is to educate people to be able to guard themselves against Social Engineering but when people are still using IE6, it’s a bit difficult to get this going.