GMail Account Hacked

Late Friday night, I got a somewhat cryptic DM on Twitter from Pradeep Viswanathan. It said, “You have been attacked by some virus!!! take the required measures :)” I don’t know Pradeep very well (not outside of Twitter, at least), so I wasn’t quite sure how he knew that I had been attacked by a virus. In fact, my first thought was that Pradeep had been attacked by a virus which sent out DMs to his followers stating that they had been attacked by a virus.

Shortly after that, Judith Barnett emailed me at my primary e-mail account, stating that my gmail account had been hacked, and was sending out spam.

Uh-oh.

I logged into gmail, and before I could even get to my “Sent Items” folder to verify, I saw several bounced emails in my inbox, sent by me (apparently). The message stated:

Hi friends

Please download and watch my girlfriend’s self-view video
http://(link removed by me)/video.exe

After reading, please reply me……Very exciting.

So… what to do?

  1. First thing I did was to verify that my account had indeed been compromised. At the bottom of the gmail page, there’s a link:

    [Image: GMail Details Link]

    When I clicked on “Details”, I saw the following:

    [Image: GMail Details Screen]

    One of these things is not like the other one…

  2. After clicking the “Sign out all other sessions” button (there weren’t any other active sessions, but it didn’t seem like a bad idea at the time), I then proceeded to change my password. My old password was strong(ish). I went with another strong(ish) one… a combination of alphanumeric characters with some special characters sprinkled in for good measure.

  3. Finally, I deleted all of my contacts. My gmail account is used almost exclusively for mailing lists and other non-personal correspondences. Unfortunately, Google doesn’t seem to provide any means of disabling the “Add everybody I interact with to my contact list”, so the list was populated automatically, and had grown substantially over the years. But since I do my “real” emailing from my primary account (at griefer dot com), I don’t need these contacts. I’ll simply have to go in once a week or so and manually remove them. This way, if something similar happens again (and it certainly could), the damage will be minimal, at best.

While I feel bad that friends (who were in the contact list from years ago when I actually did use the account as my primary address) and mailing lists got spammed, I’m not terribly worried about the security of any of my personal information. This doesn’t seem to have been a person hacking into the account and manually navigating around it. Notice the “Recent activity” doesn’t identify the Access Type, or rather, identifies it as “Unknown”. I assume it was a script that targets random gmail accounts, and if it successfully cracks the password, simply spams the contact list and moves on. Had it been a person, I’d imagine he (or she) would most likely have changed my password. In fact, I was somewhat surprised that it worked when I went to log in.

To those who may have received the message above from “me” (be it directly or via a mailing list), I apologize. I thank everybody who brought it to my attention. That night, I received a number of DM’s and @’s on Twitter, and a few IMs. The following morning, I received many, many emails letting me know that my account had apparently been hacked (and, unfortunately, one that seemed rather disappointed that after downloading the “video” and double clicking the .exe file (!), they were unable to get the video to run… true story. *sigh*).

If you use your gmail account like I do (as a secondary account), I’d suggest you do a semi-regular housekeeping of the contact list. If there’s no good reason to store that information, might as well remove it, just in case something similar happens to you.