2.1 v2 and gmail possibly hacked

[travisvn1]

This morning at 3 am spam was sent out of my gmail account. I am not sure if it came from my phone or my account just got hacked (my computers were turned off). I changed the Password on my account. Since I am running 2.1 and it is not an official release there is the possibility this is where it came from it was a simple email with a link in it. Just wanted to post a heads up to keep you eyes open

 

[badfrog]

I doubt it is the rom.

 

[OfTheDamned]

How long have you had 2.1 on your phone?

 

[DroidJW]

Is the spam showing in your sent gmail items or did you and/or friends receive spam that appears to originate from your gmail? If its the latter, I suspect the spammer has just spoofed your gmail address, rather than hacked your gmail account.

I admit I am always a bit cautious with something like an unofficial ROM -- knowing it may be from an unscrupulous source. In the case of 2.1 v2, so many here have upgraded, I believe improper activity would be flagged by now (especially by pros like OTD & Caddy).

 

[erisuser1]

There is little that prevents a spammer from sending an email with a forged senders' "From" address. (Well, actually, it's a little harder than it was 10 years ago, but it is still possible.)

The cretin / spambot that is using your e-mail address could have harvested it from any place that it was made publicly available... or perhaps harvested from the email store on a virus-infected PC owned by someone who has received an email with your address listed somewhere.

You would probably need to be using a gmail address that had never been used even once - for any purpose - before you conclude that "gmail on my phone was hacked".

I'm not saying it is impossible, but that there are a lot of other ways it could have happened that are more likely than the route you are suggesting.

(Note that at least one me those ways could be a rogue app you installed on your phone that has access to your address book)

eu1

 

[travisvn1]

How long have you had 2.1 on your phone?

I did the upgrade within hours of its release. In answer to other questions the email is showing in my out box. First thing I did was change my password so hopefully that was the issue. It happened on the rare occasion when I had all of my computers were off which is weird since I tend to leave them all on. I work in IT so I am pretty careful with my passwords. The funny thing is I found out about it when my boss got one of the emails and alerted me. If it happens again I am going to suspect the phone (since it stores the password) otherwise I would have to believe somebody managed to get into my account. I just thought I would post in case anyone else experienced this.

 

[Pitamakan]

There is little that prevents a spammer from sending an email with a forged senders' "From" address. (Well, actually, it's a little harder than it was 10 years ago, but it is still possible.)

The cretin / spambot that is using your e-mail address could have harvested it from any place that it was made publicly available... or perhaps harvested from the email store on a virus-infected PC owned by someone who has received an email with your address listed somewhere.

You would probably need to be using a gmail address that had never been used even once - for any purpose - before you conclude that "gmail on my phone was hacked".

I'm not saying it is impossible, but that there are a lot of other ways it could have happened that are more likely than the route you are suggesting.

(Note that at least one me those ways could be a rogue app you installed on your phone that has access to your address book)

eu1

Yeah, exactly. Though something like that is theoretically possible in a hacked ROM, the odds are so insanely small that I don't even think it's worthy of consideration. And there are so many copies of those 2.1 builds in use now, that we certainly would have had other reports by now.

Almost certainly, what happened is that a hacker harvested your e-mail address from somewhere -- possibly the computer address book of one of your contacts. Your Eris is blameless here.

 

[smacky]

I figured out a friend's password to his GMail/school email, facebook, and school account. It wasn't hard.

It isn't always some hacker.

 

[erisuser1]

Yeah, exactly. Though something like that is theoretically possible in a hacked ROM, the odds are so insanely small that I don't even think it's worthy of consideration. And there are so many copies of those 2.1 builds in use now, that we certainly would have had other reports by now.

Almost certainly, what happened is that a hacker harvested your e-mail address from somewhere -- possibly the computer address book of one of your contacts. Your Eris is blameless here.

Except that the mail appearing in his outbox proves conclusively that his account was compromised.

GMail uses https for authentication, so that sort of rules out network sniffing. OTOH, something about this seems a little odd - leaving a trail like that (sentbox crumbs) allows for ready detection.

If the boss still has the spam, the delivery headers might (or might not) provide some info.

If I were to guess, I would suspect that the OP had a keylogger dropped on one of the machines he uses... or one of the OP's co-workers shoulder-surfed him.

 

[DroidJW]

I did the upgrade within hours of its release. In answer to other questions the email is showing in my out box. First thing I did was change my password so hopefully that was the issue. It happened on the rare occasion when I had all of my computers were off which is weird since I tend to leave them all on. I work in IT so I am pretty careful with my passwords. The funny thing is I found out about it when my boss got one of the emails and alerted me. If it happens again I am going to suspect the phone (since it stores the password) otherwise I would have to believe somebody managed to get into my account. I just thought I would post in case anyone else experienced this.

This is disturbing indeed. Might you run updated malware/virus scan on all your PCs (included malwarebytes if possible) and check for keyloggers?

Some folks here reported malware install (or attempts to install) from the ad popups from the sites that hosted the ROM (this did not happen to me). Perhaps you had an infection from that?

Since you are an IT guy, you may have already scanned your systems, but it would be a big favor to others here if we could narrow the possible source of the hack.

 

[katerchap]

hey guys
any update on this one? Did changing your passwords work?

This happened to me today, spammed my gmail contact list with

"Hello friend.:
I have good news for you. Last week ,I have Order china 3 Products
Samsung UN55B8000 55-Inch... (insert more rubbish)"

All this was noted in my Sent Items. It then also set my facebook status to the same thing. Given my phone is the only place I have logged on to gmail and facebook from in the past few weeks (and is the only place the password is remembered). I am assuming it has come from my phone (even tho the log does say browser)

I ran a couple of different security/av etc programs over the phone and it all came up clean

I am using
HTC Desire
2.1 update 1

I have been through my gmail logs and someone from China logged in

Browser China (115.49.36.246) 3:49 pm (1 hour ago)

I have changed all my passwords

 

[MrChips]

Not the ROM. Google "gmail hacked" and most of the results will have "China" in the title. It's cyber-war.

 

[Amlethus]

hey guys
any update on this one? Did changing your passwords work?

This happened to me today, spammed my gmail contact list with

"Hello friend.:
I have good news for you. Last week ,I have Order china 3 Products
Samsung UN55B8000 55-Inch... (insert more rubbish)"

All this was noted in my Sent Items. It then also set my facebook status to the same thing. Given my phone is the only place I have logged on to gmail and facebook from in the past few weeks (and is the only place the password is remembered). I am assuming it has come from my phone (even tho the log does say browser)

I ran a couple of different security/av etc programs over the phone and it all came up clean

I am using
HTC Desire
2.1 update 1

I have been through my gmail logs and someone from China logged in

Browser China (115.49.36.246) 3:49 pm (1 hour ago)

I have changed all my passwords

I was hacked this morning as well, from the same IP address. Same situation.

I really want to know how they hacked my account! My password wasn't changed, so it wasn't a hack where they were able to activate the "forgot your password?" feature. I would really like to know how my password was stolen.

Anyone else fall victim? This is the best search result for this IP, and I hope it comes up higher on google for "gmail account hacked".

 

[ppbb]

you can check for ip access to your gmail account. go to the bottom of your gmail page (on your computer) and scroll to the bottom of the page:

Last account activity: 22 minutes ago at this IP (your ip address). Details

click details - this will show who accessed your account and which ip address. You should see your normal desktop, plus any mobile devices (phones, ipads etc)

from there you can look up the ip addresses and bust em!

 

[erisuser1]

More likely that your PC is compromised, or you use a "weak" password, or you installed a rogue app, than a problem with the ROM.

 

[shaebedi]

This morning at 3 am spam was sent out of my gmail account. I am not sure if it came from my phone or my account just got hacked (my computers were turned off). I changed the Password on my account. Since I am running 2.1 and it is not an official release there is the possibility this is where it came from it was a simple email with a link in it. Just wanted to post a heads up to keep you eyes open

I too just discovered that my gmail account was spamming. I am running andriod 1.6 and it was spamming random emails and I was getting failed attempt returns....

Again not sure if it was from an application. But I am suspecting it was a World of Warcraft application that I downloaded, as the return emails were all Blizzard related...

 

[Alleycat]

Have you been using wifi in a public location (Barnes and Noble, Panera, McDonald's, Starbucks, etc)? Mine was compromised about 3 months ago, and I suspect it was from using public wifi to check my gmail account on my iPod Touch.

I've got a pretty complex password now and I avoid using public wifi, so I'm good so far (knock on wood).

 

[cyraxx]

I too just discovered that my gmail account was spamming. I am running andriod 1.6 and it was spamming random emails and I was getting failed attempt returns....

Again not sure if it was from an application. But I am suspecting it was a World of Warcraft application that I downloaded, as the return emails were all Blizzard related...

Same thing happened to me this weekend. I received a notification that my gmail couldn't refresh, so I tried to log in and it wouldn't let me. I reset the password and logged in again on my phone, not thinking anything of it, and checked my mail. There was a returned email to someone I don't know telling them to log in the to their account at the WoW site in addition to a message from Google saying that it was blocked from sending because it seemed like spam.

I fell asleep and when I woke up, same problem...gmail couldn't update. I changed the password yet again, but this time I did it on my PC. It's been over a day and the password hasn't been changed, so I suspect the problem is solely with my phone, rather than anything on my PC. The only Blizzard related application that I have is the Authenticator, and that's official. Be that as it may, I'll be doing a full reset soon to hopefully rid myself of this problem. Thankfully I haven't checked my bank account or anything important from my phone.

Any idea what is causing this?