Jump to content

  • Log In with Google      Sign In   
  • Create Account


Someone tried to steal my gmail account?


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
16 replies to this topic

#1 Hodgman   Moderators   -  Reputation: 27519

Posted 06 January 2013 - 08:01 AM

I use 2-factor authentication on my google account -- when I log in on a new computer, it sends a code to my phone to confirm that it's me.
 
I was just sitting at my desk, about to go to bed, when unprompted, I receive a text message with one of these google verification codes. That means that someone has entered my user-name and password into the google login box!
 
Of course, I immediately opened up my account page and set a new password... and sure enough, my "Account activity" info says:
 
Last sign-in countries
Australia, Netherlands
I live in Australia, so someone in the Netherlands has gotten my password!
 
It was a 12 character password, made up of dictionary words and numbers, so it's guessable, but not easily.
 
I try not to use the same log-in details on different services usually... but my StarCraft 2 login details were this email address and this password, and (encrypted) SC2 user-data was stolen recently. When that hack occurred, I did change my SC2 password, but I didn't change my google password... so I guess it's possible that someone decoded the SC2 database and recovered my email/password from it, and tried to use them to log in to google, which would've worked...
 
Besides making sure that I don't have any other services where I use that password (and that email as the username), what else should I be doing? Have there been any other high-profile game database hacks recently that I could point the finger at? Anyone have any recommendations for good malware scanners that I should run to be sure my own PC isn't to blame?

Edited by Hodgman, 06 January 2013 - 08:12 AM.


Sponsor:

#2 noatom   Members   -  Reputation: 767

Posted 06 January 2013 - 08:40 AM

I doubt that there is something wrong with your pc.Anyway,if there would be a keylogger or something,it would just show up on the process list in task manager.

#3 slicer4ever   Crossbones+   -  Reputation: 3192

Posted 06 January 2013 - 10:05 AM

weird, i literally got an email from gmail about suspicious activity yesterday, i changed my password, but it said it was from china.

 

i didn't realize blizzard's accounts were hacked=-\.


Check out https://www.facebook.com/LiquidGames for some great games made by me on the Playstation Mobile market.

#4 rip-off   Moderators   -  Reputation: 7641

Posted 06 January 2013 - 11:13 AM

One idea is to prefix, infix or append every password with an identifier synthesised from the site. For example, if your password is "topsecret", the starcraft password might be sctopsecret and your gmail password would be gmtopsecret. This means that such password dumps will be extremely unlikely to affect you, as every password is unique. Most such attacks are automated, so it is unlikely that the attacker will account for even such a simple transformation. Well, until a large percentage of the starcraft passwords start with "sc" I guess...

 

This is particularly handy when you have too many logins to worry about them all. I have a couple of critical accounts that I value, which get their own passwords, but most of the other accounts I happen to create get one of a set of passwords, along with such "personalisation". I don't even follow these services closely enough to hear about breaches, so it is nice to feel that little bit more secure, even if I don't care too much about the individual services I wouldn't like them all to be hacked. It also hopefully puts you outside the low hanging fruit in the event of immediate exploitation of a breach that you aren't aware of yet.

 

I had this happen me before while I was at work, but there was no odd location/IP address. While I cannot discount a potential hack by a co-worker, I don't think this is likely. My work and personal passwords have no overlap. I chalked it up to a bug on Google's side, but I changed my password all the same.



#5 Tom Sloper   Moderators   -  Reputation: 8642

Posted 06 January 2013 - 11:41 AM

My website was hacked this week.  A javascript was injected into every single page.  The site is hosted by Yahoo, and my theory is that someone somehow got my password.  I changed the password and replaced all infected pages from backup. 


-- Tom Sloper
Sloperama Productions
Making games fun and getting them done.
www.sloperama.com

Please do not PM me. My email address is easy to find, but note that I do not give private advice.

#6 Tom Sloper   Moderators   -  Reputation: 8642

Posted 06 January 2013 - 11:45 AM

Anyway,if there would be a keylogger or something,it would just show up on the process list in task manager.

 

How would someone recognize a malicious process?  Its creator could simply create an innocuous name and description.


-- Tom Sloper
Sloperama Productions
Making games fun and getting them done.
www.sloperama.com

Please do not PM me. My email address is easy to find, but note that I do not give private advice.

#7 ranakor   Members   -  Reputation: 439

Posted 06 January 2013 - 12:00 PM

Password wise i'm using what i think is a good (but not perfect) solution.

For each service (and even subservice, anywhere where a different password is allowed) i use a guid or a substantial part of a guid.

I store the list of guids in an excel file on a file sync service, whose account is also GUID protected.

Means i need to open & copy paste each time i need to relog on a website, and doesn't prevent from hacking, but DOES prevent from having all your accounts corrupted on all websites when one gets corrupted as a GUID is not going to be guessable from another GUID.



#8 noatom   Members   -  Reputation: 767

Posted 06 January 2013 - 12:00 PM

well I just know the normal processes that I have,and the average number:)

#9 ddn3   Members   -  Reputation: 1248

Posted 06 January 2013 - 02:00 PM

When in doubt wipe everything and re-install.. If u have an really old disk image use that first but otherwise it's almost impossible to detect these rootkits if that's the case, but give ur handy dandy anti-virus a try first like Avast maybe u have a regular trojan, it should be able to detect most of them, they do process scanning these days..

 

Good Luck!

 

-ddn



#10 ranakor   Members   -  Reputation: 439

Posted 06 January 2013 - 03:31 PM

or use a root kit revealer like sysinternals did



#11 ApochPiQ   Moderators   -  Reputation: 14252

Posted 07 January 2013 - 06:07 AM

Hundred bucks says this is a run-of-the-mill password database compromise. We see this all the time.

The best advice I can offer anyone on account security is don't reuse your damn passwords ;-)

Even my throw-away passwords are all unique to the account they belong to. There are patterns to them but you'd have to know me personally very well to even see the pattern, let alone guess how I construct new passwords. Not perfection by any means but it gets the job done.

If your memory is not so hot, or if you want the extra layer of paranoia, use a password management tool and go nuts with the really hideously long passwords. Otherwise, use the passphrase-and-symbol trick (five dictionary words separated by punctuation is much stronger than ten random alphanumeric characters).

But above all: if you use the same password or a trivial variant thereof in more than one place, assume that eventually both accounts WILL be stolen. People suck at securing password databases.

#12 LennyLen   Crossbones+   -  Reputation: 3298

Posted 07 January 2013 - 06:25 AM

weird, i literally got an email from gmail about suspicious activity yesterday, i changed my password, but it said it was from china.

I've had notification about suspicious activity from China on several occasions, no matter how often I change my password.

#13 Net Gnome   Members   -  Reputation: 769

Posted 07 January 2013 - 07:33 AM

a little while back i created this cipher program to generate ciphered text from a couple clear text sources plus some mutation values. Its not cryptographicaly secure, but then that is not its purpose. It just allows you to keep some clear-text reminders somewhere then bring them together to generate your password for whatever. I don't use it yet as i still want to add a "user seed key" that is separate so that even if someone used your clear text, they still couldnt get your passwords cause they lacked your user seed key. I also want to add the ability to restrict specific special characters from the output, just havent gotten a round-tuit yet.

 

Anyway, its the best i've come up with that obviates memorization.


Edited by Net Gnome, 07 January 2013 - 07:46 AM.


#14 0BZEN   Crossbones+   -  Reputation: 2004

Posted 08 January 2013 - 11:24 AM

I'm seriously considering writing my own password obfuscation tool.


Everything is better with Metal.


#15 Bacterius   Crossbones+   -  Reputation: 8135

Posted 08 January 2013 - 12:55 PM

a little while back i created this cipher program to generate ciphered text from a couple clear text sources plus some mutation values. Its not cryptographicaly secure, but then that is not its purpose. It just allows you to keep some clear-text reminders somewhere then bring them together to generate your password for whatever. I don't use it yet as i still want to add a "user seed key" that is separate so that even if someone used your clear text, they still couldnt get your passwords cause they lacked your user seed key. I also want to add the ability to restrict specific special characters from the output, just havent gotten a round-tuit yet.

 

Anyway, its the best i've come up with that obviates memorization.

 

You may be interested in password derivation, which allows you to cryptographically derive a pseudorandom password of any length from any number of tokens you find convenient to remember (or are just implied) such as the website in question, your username on that site, or any other metadata, really. I believe recent password managers support this out of the box, but it's not too difficult to implement yourself, all you need is a secure HMAC function.


The slowsort algorithm is a perfect illustration of the multiply and surrender paradigm, which is perhaps the single most important paradigm in the development of reluctant algorithms. The basic multiply and surrender strategy consists in replacing the problem at hand by two or more subproblems, each slightly simpler than the original, and continue multiplying subproblems and subsubproblems recursively in this fashion as long as possible. At some point the subproblems will all become so simple that their solution can no longer be postponed, and we will have to surrender. Experience shows that, in most cases, by the time this point is reached the total work will be substantially higher than what could have been wasted by a more direct approach.

 

- Pessimal Algorithms and Simplexity Analysis


#16 slicer4ever   Crossbones+   -  Reputation: 3192

Posted 08 January 2013 - 12:58 PM

personally i'm going to start using rip-off's technique, simply to remember, and unique to every website, the only diffrence is i'll probably do something like: gamedev_password, rather than creating a prefix for the site.


Check out https://www.facebook.com/LiquidGames for some great games made by me on the Playstation Mobile market.

#17 Net Gnome   Members   -  Reputation: 769

Posted 08 January 2013 - 05:40 PM

You may be interested in password derivation, which allows you to cryptographically derive a pseudorandom password of any length from any number of tokens you find convenient to remember (or are just implied) such as the website in question, your username on that site, or any other metadata, really. I believe recent password managers support this out of the box, but it's not too difficult to implement yourself, all you need is a secure HMAC function.

 

I may have to look into that. I based mine off some simple concepts used in encryption but via character ops instead of bit ops. It produces some very good passwords as it stands, so i didn't feel the need to increase its encryption level further, but i'm going to have to look more into HMAC :)






Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS