
How the heck does this even happen?

AurinAurin Registered User regular
edited April 2010 in Help / Advice Forum
A couple of hours ago, someone in China got access to my gmail account, then decided they wanted my WoW account. Right now I'm rather powerless since tech support isn't open, but I'm curious. I've since gotten my gmail account back, but what I want to know is how the account was even hacked. O.o

I'm scanning now for viruses, but I scan every week, and I'm pretty sure I don't have anything.

So how in the world could my gmail account be compromised from outside? Just brute force? I thought I had a strong password, with numbers and a mish-mash of letters... everything that I've ever been told was a strong password.

Is there a keylogger out there that can't be detected yet? Or did the dude in China just get really lucky?

Aurin on

Posts

  • RaneadosRaneados police apologist you shouldn't have been there, obviouslyRegistered User regular
    edited April 2010
    if your password is all but unguessable I'd assume there's something on your computer that told him what it was

    Raneados on
  • AurinAurin Registered User regular
    edited April 2010
    Grr. >.< My virus scanner needs to scan faster. This is frustrating as hell. Goosey goosing geese. >.<

    Aurin on
  • romanqwertyromanqwerty Registered User regular
    edited April 2010
    did you register for anything (forums, sites etc) with that email and the same password?

    romanqwerty on
  • AurinAurin Registered User regular
    edited April 2010
    Nope. And my account has been accessed twice by China. The first time I changed the password was on Mar 29th, when gmail popped up with a big red alert about it. This morning, I got logged out, figured it was a timeout... then thought I'd forgotten my password, so I reset it. Turns out it was some goose in China logging into my account and changing the password.

    I didn't even think twice about it, thinking I'd forgotten it, until I went to log into WoW and it told me my account didn't exist. ~_~

    I've changed the passwords to the places that are important, but it seems they just wanted the WoW account. Maybe I should get a new email address? I'm not sure. It's just freaking weird. >.<

    Aurin on
  • Iceman.USAFIceman.USAF Major East CoastRegistered User regular
    edited April 2010
    Given all the recent hubbub with China/Google, this might be something you want to tell the police/govt about.

    Just saying.

    Iceman.USAF on
  • DiscoZombieDiscoZombie Registered User regular
    edited April 2010
    I have no clue *how* it could happen - can gmail passwords be brute forced? But I can tell you that those goldsellers will go to great lengths to get their hands on WoW accounts. "lucky" for me, when they got my WoW account, they didn't go through my email first. Not that I know of anyway. But I still have no idea how they got my password.

    DiscoZombie on
  • TopweaselTopweasel Registered User regular
    edited April 2010
    I had something similar happen on my Hotmail account. On Hotmail I am almost 90% sure it's a vulnerability on the password reset screen. As far as I had known Gmail hacks were pretty rare. But there is a chance that there is a little-known hack that they can use.

    I went one by one through all of my cookies and open processes. I could not find anything that even somewhat looked like a keylogger or tracker.

    Edit: they did go through your email first. Back before your username was XXXXX@gmail.com, when it was just xxxxx. They would send a password change request and then be told where the email was going, hack that, change the password to both and delete the emails about the change. The way I found out about them was I had my Hotmail account attached to my Blackberry, so I had the original Blizzard password change request email even though it had been deleted in the inbox on the website. Once they changed the password my Blackberry stopped receiving email, but I still had the first one.

    Topweasel on
  • MichaelLCMichaelLC In what furnace was thy brain? ChicagoRegistered User regular
    edited April 2010
    Aurin wrote: »
    Nope. And my account has been accessed twice by China. The first time I changed the password was on Mar 29th, when gmail popped up with a big red alert about it. This morning, I got logged out, figured it was a timeout... then thought I'd forgotten my password, so I reset it. Turns out it was some goose in China logging into my account and changing the password.

    Umm... sounds like you may have been scammed by a phishing "alert"?

    MichaelLC on
  • VistiVisti Registered User regular
    edited April 2010
    Yeah, this sounds like phishing to me.

    Visti on
  • AurinAurin Registered User regular
    edited April 2010
    MichaelLC wrote: »
    Aurin wrote: »
    Nope. And my account has been accessed twice by China. The first time I changed the password was on Mar 29th, when gmail popped up with a big red alert about it. This morning, I got logged out, figured it was a timeout... then thought I'd forgotten my password, so I reset it. Turns out it was some goose in China logging into my account and changing the password.

    Umm... sounds like you may have been scammed by a phishing "alert"?

    So China's accessing gmail's servers and placing notifications directly above my gmail inbox?

    Sorry if it wasn't clear, it wasn't a popup, it was an alert by google. They've added this feature because people have had their accounts compromised recently.

    And I'm not so sure about reporting this to the government... we'll see how my scans come out on my computer first. If it's clean, then maybe there really is a problem. Shame, I love gmail. :(

    Aurin on
  • Duck'n'CoverDuck'n'Cover Registered User regular
    edited April 2010
    Yeah, this sorta thing happens a lot, especially with sites like Facebook.

    Duck'n'Cover on
  • ImprovoloneImprovolone Registered User regular
    edited April 2010
    Do your passwords have special characters in them?

    Improvolone on
    Voice actor for hire. My time is free if your project is!
  • FightTestFightTest Registered User regular
    edited April 2010
    Out of curiosity do you run any executables like the Cursed addon updater or the Wowhead data miner?

    FightTest on
    MOBA DOTA.
  • KlorgnumKlorgnum Registered User regular
    edited April 2010
    You should probably be running something in addition to the virus scan if you're not already. You might try Malwarebytes Anti-Malware, and something to scan for rootkits might not be a bad idea.

    Klorgnum on
  • TopweaselTopweasel Registered User regular
    edited April 2010
    FightTest wrote: »
    Out of curiosity do you run any executables like the Cursed addon updater or the Wowhead data miner?

    It's not that. People assume it's that because everyone uses it. It's really easy to see where the hack comes from. They hack your email and reset the password there first.

    Topweasel on
  • AurinAurin Registered User regular
    edited April 2010
    Welp, according to Ad-Aware, I had a trojan. O.o Microsoft Security Essentials didn't pick anything up, so maybe it's a horrible, horrible virus scanner?

    Either way, Ad-Aware got rid of it, and I'll get Malwarebytes Anti-Malware to make sure it's gone.

    Aurin on
  • AurinAurin Registered User regular
    edited April 2010
    Aaaand Malwarebytes found nothing. So, it must have been the trojan that Ad-Aware found and quarantined. No friggen idea where I got it. >.<

    Aurin on
  • LykouraghLykouragh Registered User regular
    edited April 2010
    When I got keylogged, Malwarebytes found nothing, AVG found nothing, Avira found nothing, Bitdefender finally found the keylogger but could not kill it short of formatting C: (it lived in a randomly named system folder, when you killed one of its processes it immediately spawned a new one).

    Either it's a keylogger or you got phished, and it sounds like you are able to recognize phishing.

    Lykouragh on
  • JebusUDJebusUD Adventure! Candy IslandRegistered User regular
    edited April 2010
    There was an exploit for a while, that if you opened certain pages while g-mail was still opened it would get into it somehow. Or something. I don't really remember how it works.

    JebusUD on
    and I wonder about my neighbors even though I don't have them
    but they're listening to every word I say
  • ArkanArkan Registered User regular
    edited April 2010
    you've probably been keylogged bro

    Arkan on
    Big, honkin' pile of WoW characters
    I think it's hard for someone not to rage at mario kart, while shouting "Fuck you Donkey Kong. Whose dick did you suck to get all those red shells?"
  • matt has a problemmatt has a problem Points to 'off' Points to 'on'Registered User regular
    edited April 2010
    Make sure to go into settings in Gmail, and go under "Forwarding and POP/IMAP". Make sure that "disable forwarding" is checked, unless you yourself have enabled forwarding, in which case make sure the email it's forwarding to is your email. There was a spate of attacks that involved someone getting into a Gmail account, leaving the password alone, but setting it to forward everything to a different email of their choosing. That way they were able to see everything without the real account owner knowing.

    Also check your Filter settings, make sure they haven't set up random filters to forward things.

    matt has a problem on
  • AurinAurin Registered User regular
    edited April 2010
    Make sure to go into settings in Gmail, and go under "Forwarding and POP/IMAP". Make sure that "disable forwarding" is checked, unless you yourself have enabled forwarding, in which case make sure the email it's forwarding to is your email. There was a spate of attacks that involved someone getting into a Gmail account, leaving the password alone, but setting it to forward everything to a different email of their choosing. That way they were able to see everything without the real account owner knowing.

    Also check your Filter settings, make sure they haven't set up random filters to forward things.

    Checked everything and shutdown the IMAP stuff that was turned on. Thanks for that.

    Currently getting ready to just format my machine. Even with the trojan being found and killed, I don't trust it. So I might as well just wipe it and start over... and upgrade from XP to Win7. Woo.

    Aurin on