I was just sitting at my desk, about to go to bed, when unprompted, I receive a text message with one of these google verification codes. That means that someone has entered my user-name and password into the google login box!
Of course, I immediately opened up my account page and set a new password... and sure enough, my "Account activity" info says:
Last sign-in countriesI live in Australia, so someone in the Netherlands has gotten my password!
It was a 12 character password, made up of dictionary words and numbers, so it's guessable, but not easily.
I try not to use the same log-in details on different services usually... but my StarCraft 2 login details were this email address and this password, and (encrypted) SC2 user-data was stolen recently. When that hack occurred, I did change my SC2 password, but I didn't change my google password... so I guess it's possible that someone decoded the SC2 database and recovered my email/password from it, and tried to use them to log in to google, which would've worked...
Besides making sure that I don't have any other services where I use that password (and that email as the username), what else should I be doing? Have there been any other high-profile game database hacks recently that I could point the finger at? Anyone have any recommendations for good malware scanners that I should run to be sure my own PC isn't to blame?
Edited by Hodgman, 06 January 2013 - 08:12 AM.