A heads up and warning for Gmail users

Please monitor your accounts for suspicious activity and update your passwords.

Gmail disabled one of my accounts and I had to get it reactivated. I discovered someone was able to actually able to compose and send an email from my Gmail account (it is actually in my Sent Mail folder) without my knowledge.

I'm a software consultant and am pretty militant about avoiding malware and keeping my system secure, so this is a real shocker. If someone is able to send mail from my Gmail account, they would also have had access to my Inbox and all the mails therein.

Fortunately the Gmail account they accessed was the one I use exclusively for promotions, newsletters and junk mail so no personal correspondence would have been available to view.

I'm not sure how Gmail knew to deactivate my account based off of one email that was sent without my consent, but I think it may be a more widespread problem than just me.

If so, haha ;-)

If not, actually I do not know how they could have accessed my Gmail. I'm running MacOS (I keep it updated) and only access mail on it or via my iPhone's Mail app.

Seems to be more evidence of brute force attacks on passwords.

I hadn't changed it in awhile, though.

I have so many accounts with the same password it isn't funny, although the important ones (financial, personal) get unique ones with letters, numbers, and punctuation

You create a user account on some website, you give them your email and create a password for your user account, but you reuse the password for your email account. Now if that website has poor security on their passwords, if someone gets that info they can use it to guess your email account password. Most of the cases of email hijacking I deal with occur from phishing emails and or reuse of passwords.

...some other IP than your normal one accesses your mail account there's a message about it. Unfortunately, it's at the bottom of the page. I would love to have it smack at the top of the page. Anyway, you can find the strong password generators on the web as web pages and go to your gmail settings to turn on the IP tracking thing.

I haven't had my account hacked or anything like that but I had a rootkit on my machine for about a day and a half...and I went through and changed all my passwords again. Which is a bitch, but obviously worth it.

I'm about as militant as KeepItReal when it comes to system security and so if you're reading this and you're not terribly savvy about keeping your computer really secure, just realize it can bite anybody. And so, everybody needs to be aware of what kind of activity might be going on with their account.

PB

:shrug:

LOL

It might be possible...though I am not sure, but there have been times I tried to access Twitter and had to use my Gmail name and password. If someone can hack into Twitter, than maybe thats possible too. I will change my password.. thanks again for the tip. (Note, this may also go for Facebook, which has had some problems exposing people's personal information of late.)

as the password or even "answer" to a made-up "security" "question." Problem is, some sites have string length limitations on inputs.