Gmail Contact List Hijacked! Apologies to All
Yesterday, when I returned from work Milton was quick to check his e-mail because the cellphone wasn't along his belt for that day. At the time he tried to log in everything was normal except that Gmail asked to input the 'word verification' to confirm that was [@tonnetisalove] account.
Still at this point he was confident everything was right. Then, he started looking into old e-mail replies that shouldn't be there. He did open two messages from old friends, he didn't see in a while, both thanking him for contact them. A quick look to left side on his contact lists, revealed that they have disappeared. There was when he came to realise something was wrong. Milton keep up scanning more messages and found a Posterous post that he haven't posted it. Confirmed, his account in Gmail had been hacked.
TonNet's 300 + contacts did receive an unusual e-mail that went:
Many friends and colleagues wrote to say that something was wrong with my email. Later in the evening, I sent an email to everyone who may have got the spam email apologising, though everyone was very nice and good humoured about it, so far.
What Milton did to prevent this to happen again. Google says it has fixed a small filter configuration glitch on their end, but many users say are still getting more than their fair share of unwanted mail as in our case. Doing a spot of research on the web, I came across @tiffehr with similar experiences. Reading her post and recommendations. First thing he did was to log out of all other sessions on Gmail (see more on Remote Logout and look out for the IP address where the last activity on his account occured. Secondly, he changed password and security question in his Google account. Third, he set permanent SSL in his Gmail account, and Fourth, he trimmed the living spam out of my contacts list.
You feel strange, unnerving to have your email account hacked. A bit personal now. I’ve used Gmail since it was launched and this is the first time a spambot has managed to crack my password. It’s all the more surprising and worrying because I always log into Gmail securely and my passwords are robust. Is this the reason Google wants to keep Gmail as Beta? Who knows. The only thing I know, is yesterday wasn't our day.
I have written our apologies to nearly everyone we know.
Until Google flaw persists we all using Gmail may be confronted with this kind of experiences. And "I’m taking the evidence that the attack is over with a big grain of salt and setting myself up to deal with a few more tiers of apologies." as Tiffehr writes.
The most I can tell is the spambot got unexpectedly lucky getting into my Google account and was not written to do much damage at all, it originated at Posterous using the classic 'Find Friends' procedure where you are asked to sign into your email account. Spambot managed to gain access to our contact list and a automatic post into this blog. If you were visiting Education & Tech yesterday, after 1 PM (Est. Time), you can certify a unrelated post was taken down.
No more spam has been received from this crappy electronics discount company who’s URL was the heart of the spam message.
For any other suggestions about what I should be watching? Please, DM me @tonnet
If you want to receive my future posts regularly for FREE, please subscribe in a reader or by e-mail. If you have concerns, Contact Me at anytime.
Still at this point he was confident everything was right. Then, he started looking into old e-mail replies that shouldn't be there. He did open two messages from old friends, he didn't see in a while, both thanking him for contact them. A quick look to left side on his contact lists, revealed that they have disappeared. There was when he came to realise something was wrong. Milton keep up scanning more messages and found a Posterous post that he haven't posted it. Confirmed, his account in Gmail had been hacked.
TonNet's 300 + contacts did receive an unusual e-mail that went:
- Dear friend:
how are you doing lately?i would like to introduce a good company who trades mainly in electronic products. such as motorcycles, laptops, mobile phones, digital cameras, LCD TV, x box, PS3, GPS, MP3 / 4, etc.
Now the company is under sales promotion,all the products are sold nearly at its cost.
They provide the best service and original products of
good quality, moreover ,the price is a surprising happiness to you!
It is really a good chance for shopping.just grasp the opportunity,Now or never!
Many friends and colleagues wrote to say that something was wrong with my email. Later in the evening, I sent an email to everyone who may have got the spam email apologising, though everyone was very nice and good humoured about it, so far.
What Milton did to prevent this to happen again. Google says it has fixed a small filter configuration glitch on their end, but many users say are still getting more than their fair share of unwanted mail as in our case. Doing a spot of research on the web, I came across @tiffehr with similar experiences. Reading her post and recommendations. First thing he did was to log out of all other sessions on Gmail (see more on Remote Logout and look out for the IP address where the last activity on his account occured. Secondly, he changed password and security question in his Google account. Third, he set permanent SSL in his Gmail account, and Fourth, he trimmed the living spam out of my contacts list.
You feel strange, unnerving to have your email account hacked. A bit personal now. I’ve used Gmail since it was launched and this is the first time a spambot has managed to crack my password. It’s all the more surprising and worrying because I always log into Gmail securely and my passwords are robust. Is this the reason Google wants to keep Gmail as Beta? Who knows. The only thing I know, is yesterday wasn't our day.
I have written our apologies to nearly everyone we know.
Until Google flaw persists we all using Gmail may be confronted with this kind of experiences. And "I’m taking the evidence that the attack is over with a big grain of salt and setting myself up to deal with a few more tiers of apologies." as Tiffehr writes.
The most I can tell is the spambot got unexpectedly lucky getting into my Google account and was not written to do much damage at all, it originated at Posterous using the classic 'Find Friends' procedure where you are asked to sign into your email account. Spambot managed to gain access to our contact list and a automatic post into this blog. If you were visiting Education & Tech yesterday, after 1 PM (Est. Time), you can certify a unrelated post was taken down.
No more spam has been received from this crappy electronics discount company who’s URL was the heart of the spam message.
For any other suggestions about what I should be watching? Please, DM me @tonnet
If you want to receive my future posts regularly for FREE, please subscribe in a reader or by e-mail. If you have concerns, Contact Me at anytime.
You might also like:
Post a Comment