God damn Chinese assholes hacked into my gmail account.
I don't check my email very often, because this happened on the 15th and I just noticed today, because I couldn't access it, had to reset the password to log in, then saw the big red warning bar at the top saying my account was recently accessed from China.
Looks like they just used it to send out the atypical WoW account harvesting spam, which is stupid as hell since I don't even play WoW so I have no clue how my account even hit their radar.
My password was strong to begin with, so I don't even know how they managed this, but I've made it even stronger in response.
This is the first time I've ever been violated like this. Of course I changed my password, and I guess I have to change the passwords of anything linked to my email, like my forum account, for safety's sake.
Is there anything else I need to do? Am I overlooking anything?
Scan your hdd for spyruses.
Check your other accounts.
Hell, just go to another computer and change all your online p/w's from there, because who knows what else they've gotten into.
Has that vulnerability been fixed? Could that be how my account got compromised?
Wonder how I even got on their radar.
No, I'm not using this as an excuse to lower my guard or not do security-minded things in the wake of this.
That's all been taken care of already.
Just...for those of us less informed...
What are rootkits and what sort of measures may have to be taken?
That is not why you change passwords over time.
You change passwords over time so that you prevent your account being compromised via cracking. Cracking takes time and the idea is by the time they have a working password it is outdated already.
It's more likely they exploit a security hole in the email service or use a keylogger to get it, as opposed to old-fashioned brute force cracking it.
I have to admit I am freaking out over this a little bit, IP logs say they only accessed my account once, so they probably just used it to drop a mass spam out then went on to the next one.
But that intellectual side does not make my stupid, reactionary, fear driven side feel any better.
If you're Blizzard, and have horribly archaic security practices, then you could probably sit there and brute force all day long and eventually get in.
But since it's Google, I'm sure they just keylogged you somehow.
I don't see how they could have; I'm extremely security paranoid and highly cautious.
I mean, anything's possible, sure, but I cannot fathom how something could have gotten in.
Rootkits can also hide any other programs they want from your system. They typically load early on during boot, sometimes hiding in the Master Boot Record of your computer. Effectively, this means that they can convince Antivirus software that they don't exist, and additionally, that they can sometimes survive reinstallation of the operating system if you don't thoroughly format the disk to rebuild the MBR.
Rootkits are nasty, disgusting stuff. If you've got one, it can be tricky to figure out that it's there, and even harder to remove it without nuking from orbit.
Most of the time people aiming to crack passwords won't sit there online all day spamming the login page. They'll try to get into the server and steal the password database, which they can then attempt to crack at their leisure, trying thousands of passwords per second without hitting the server over and over. This is how Gawker recently got cracked wide open.
Buttcleft, you didn't have an account at Kotaku, or any other Gawker site, did you? If the password was the same as the Gmail account, it might've been compromised that way. Otherwise, the 'once and gone' situation sounds like someone may have just hijacked a session... but given the low usage of the account I'd say it's unlikely that someone hit you with an XSS attack. It's difficult to say where the compromise occurred. I will admit that I'm completely baffled at the number of people who report the same thing, though. People I know who are VERY tight on their security have had their accounts compromised in the same way. It may be something lingering since the Aurora attacks on Google, though Google insists that no user credentials were stolen then.
It's a jarring sensation, and I know it'd make me go crazy not knowing, definitively, why it happened... But chances are that changing your password should be enough for now, since you've done a thorough sweep for malware and your machine is secure.
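The post above makes the key point about offline cracking: once the password database is stolen, the guess rate is limited only by the hash the site used, and a password reused from Gmail falls with it. The example below is an added illustration and is not code from anyone in this thread or from Gawker or Google. It contrasts an unsalted fast hash (where every user with the same password has the same stored value, so one cracked hash unlocks all of them) with a per-user salted PBKDF2 hash, and measures how many guesses per second each allows on the local machine. The user names, passwords, and the 200,000-iteration work factor are constructed values for the demonstration.

```python
import hashlib
import hmac
import os
import time
from typing import Callable, Dict, List, Optional, Set

# Assumed work factor; tune so one hash costs roughly 100 ms on the server.
ITERATIONS = 200_000


def unsalted_sha1(password: str) -> str:
    """The weak scheme: fast, unsalted, identical for identical passwords."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, slow PBKDF2-HMAC-SHA256; stored as algo$iters$salt$hash."""
    if salt is None:
        salt = os.urandom(16)          # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def shared_hash_groups(store: Dict[str, str]) -> List[Set[str]]:
    """Groups of users whose stored values are byte-for-byte identical.
    In a stolen unsalted database, cracking one such hash cracks the whole group."""
    by_hash: Dict[str, Set[str]] = {}
    for user, stored in store.items():
        by_hash.setdefault(stored, set()).add(user)
    return [users for users in by_hash.values() if len(users) > 1]


def guesses_per_second(hash_fn: Callable[[str], str], sample_seconds: float = 0.5) -> float:
    """Rough offline guess rate an attacker holding the database would get on this CPU."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < sample_seconds:
        hash_fn(f"guess{count}")
        count += 1
    return count / (time.perf_counter() - start)


# Constructed sample users; alice and bob reuse the same password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "hunter2"}

if __name__ == "__main__":
    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    strong = {u: hash_password(p) for u, p in USERS.items()}
    print("identical hashes in unsalted store:", shared_hash_groups(weak))
    print("identical hashes in salted store:  ", shared_hash_groups(strong))
    print(f"sha1 guesses/s:   {guesses_per_second(unsalted_sha1):,.0f}")
    print(f"pbkdf2 guesses/s: {guesses_per_second(hash_password):,.1f}")
    print("verify hunter2:", verify_password("hunter2", strong["carol"]))
```

The same reasoning is why the advice to change every password that matched the Gmail one is sound: a defender cannot know which scheme a third-party site used, so the only safe assumption after a breach is that any reused password is already in a cracking queue.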
It would be nice if someone would come up with a way to detect them easily.
There are a few rootkit detectors out there you can try, if you want a bit of peace of mind on the issue. Obviously they're not 100% effective at detection, but they tend to be pretty good. Hitman's the easiest to use, but if you're on a 32-bit system there are more options you can toy with.
I wouldn't get too worked up about it, though. Rootkits are damned scary, for sure, but there's no sense in getting too paranoid about them... A little more than a year ago I was getting some really, really freaky false signs about a rootkit on my machine. Turned out that it was just a Spybot malfunction, but I nuked from orbit because of it. It wasn't a necessary move, and was something of a hassle, since my backups weren't terribly current.
Well I just did my second reformat today to nuke the MBR to settle my paranoia.
If I even had anything on my system to begin with, I still think it had to be something server side, but I'm not taking any chances 'cause it's a pain in the ass to do this shit.
Count me as the fourth. A few months ago I got an email from Blizzard saying that my WoW account had been suspended for gold selling - which doesn't make any sense because I haven't played WoW in three years - and I stupidly didn't bother changing my Battle.net logins, which are exactly the same as my gmail, and pretty much everything else I have.
Later I found that someone tried to change the password to battle.net so I reset it back and initiated the mobile authenticator for android so it's virtually impossible for anyone who doesn't have my cell phone to log in to SC2, WoW, etc.
Thank god for gmail - the only reason I found out was because Google sends you an alert if someone has used your account recently from an IP address suitably far off from where you last logged in at. Traced it to some region of China but that was it.
I'd also recommend using a password manager - there's another thread here where someone asks about this as well.
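The alert that saved the poster above is a location-based login check: flag a sign-in whose geolocation is far from the previous one. The following is an added example, not Google's code or anything posted in this thread, showing how such a detector runs over a login log. It goes slightly beyond the distance rule by also classifying an alert as "impossible travel" when the distance divided by the elapsed time exceeds airliner speed. The log format (timestamp, user, IP, latitude, longitude), the user names, the IPs from the documentation ranges, and the 1,000 km and 900 km/h thresholds are all constructed assumptions.

```python
import math
from datetime import datetime
from typing import Dict, List

FAR_KM = 1000.0        # assumed: how far counts as "suitably far off"
MAX_SPEED_KMH = 900.0  # assumed: faster than this and both logins cannot be one person
EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two lat/lon points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def parse_login(line: str) -> Dict:
    """Parse one constructed log line: '<ISO time> <user> <ip> <lat> <lon>'."""
    ts, user, ip, lat, lon = line.split()
    return {
        "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "user": user, "ip": ip, "lat": float(lat), "lon": float(lon),
    }


def detect_far_logins(lines: List[str]) -> List[Dict]:
    """Alert when a user's login is far from that user's previous login.
    Reason is 'impossible travel' if the implied speed is unrealistic,
    otherwise 'new distant location'."""
    records = sorted((parse_login(l) for l in lines), key=lambda r: (r["user"], r["ts"]))
    last: Dict[str, Dict] = {}
    alerts: List[Dict] = []
    for rec in records:
        prev = last.get(rec["user"])
        if prev is not None:
            dist = haversine_km(prev["lat"], prev["lon"], rec["lat"], rec["lon"])
            hours = (rec["ts"] - prev["ts"]).total_seconds() / 3600.0
            speed = dist / hours if hours > 0 else math.inf
            if dist >= FAR_KM:
                reason = "impossible travel" if speed > MAX_SPEED_KMH else "new distant location"
                alerts.append({"user": rec["user"], "ip": rec["ip"],
                               "km": round(dist), "reason": reason})
        last[rec["user"]] = rec
    return alerts


# Constructed sample log: user1 logs in from New York, then Beijing 30 minutes
# later, then New York again the next day; user2 stays in Los Angeles.
SAMPLE_LOG = [
    "2010-12-15T08:00:00Z user1 203.0.113.7 40.71 -74.01",
    "2010-12-15T08:30:00Z user1 198.51.100.42 39.90 116.40",
    "2010-12-16T09:00:00Z user1 203.0.113.7 40.71 -74.01",
    "2010-12-15T10:00:00Z user2 203.0.113.9 34.05 -118.24",
    "2010-12-15T12:30:00Z user2 203.0.113.9 34.05 -118.24",
]

if __name__ == "__main__":
    for alert in detect_far_logins(SAMPLE_LOG):
        print(alert)
```

On a real service the coordinates would come from an IP geolocation lookup rather than the log line, and the second alert (the legitimate return to New York a day later) shows why a distance-only rule needs the user to confirm rather than auto-lock: the point of the alert is to put the decision in front of the account owner, which is exactly how the poster noticed the intrusion.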