Gmail hacked

[B2L]

Earlier this morning i logged into my gmail account and it said there had been suspicious activity on my account, after looking into it further it's showing that an IP address from Ukraine, and also California had logged into my gmail account. I have already gone through the whole process of changing all of my passwords and fixing everything on my account.

But the thing i was wondering is it possible to send the hackers IP addresses to Google? I want to report these hackers.

 

[XplosiV]

If its google thats told you about the suspicious activity, then the chances are they already know the suspect IP addresses, along with a lot more info that you dont.

 

[Dark Jedi]

Earlier this morning i logged into my gmail account and it said there had been suspicious activity on my account, after looking into it further it's showing that an IP address from Ukraine, and also California had logged into my gmail account. I have already gone through the whole process of changing all of my passwords and fixing everything on my account.

But the thing i was wondering is it possible to send the hackers IP addresses to Google? I want to report these hackers.

If the hackers hacked your account then I am sure they was using proxy addresses to hide their locations. Also I am sure Google already has all the ip addresses.

 

[B2L]

Alright well thanks for the info guys, i appreciate it.

 

[A.Nonymous]

Turn on 2 factor authentication. Fixes the problem right there. I could give you my password right now and you wouldn't be able to get into my Gmail account.

 

[cds0699]

Turn on 2 factor authentication. Fixes the problem right there. I could give you my password right now and you wouldn't be able to get into my Gmail account.

I have a question about this. I like to experiment with flashing different ROM's and such on my phone, and as a result I need to sign into my google account on my phone (like at startup) more often than most people whenever I flash a new ROM. How does the 2 factor authentication work in that regard?

 

[A.Nonymous]

I have a question about this. I like to experiment with flashing different ROM's and such on my phone, and as a result I need to sign into my google account on my phone (like at startup) more often than most people whenever I flash a new ROM. How does the 2 factor authentication work in that regard?

You have to either generate a new password, keep the old one on file someplace, or create an update.zip file from Titanium and flash that one or the other.

 

[B2L]

You have to either generate a new password, keep the old one on file someplace, or create an update.zip file from Titanium and flash that one or the other.

I guess this is what i will have to do. I flash a ton of roms as well so it might be kind of a pain, but it definitely sounds worth it. Thanks.

 

[330D]

Turn on 2 factor authentication. Fixes the problem right there. I could give you my password right now and you wouldn't be able to get into my Gmail account.

This^ at the suggestion of an AF buddy I did it last night. Once you do the 2 step authentications, it makes you realize how insecure you may have been before. The 2 step is a good thing.

 

[A.Nonymous]

This^ at the suggestion of an AF buddy I did it last night. Once you do the 2 step authentications, it makes you realize how insecure you may have been before. The 2 step is a good thing.

That was my reaction as well. It is a bit frustrating at times to try to log on to a computer you've not logged on to before and you don't have your phone. But then that also lets me know just how secure the account really is. The old adage is "Something you have, something you know."

 

[prassu]

Turn on 2 factor authentication. Fixes the problem right there. I could give you my password right now and you wouldn't be able to get into my Gmail account.

I heard about this..is it already available? is it a paid service from google?

 

[cds0699]

I heard about this..is it already available? is it a paid service from google?

Yes its already available and it is a free service, no cost.

 

[jamor]

I signed up for the authentication/verification thing where every time you login to a new computer (or same computer if you adjust the settings) you have to wait to receive a text message with the security code. I feel a lot safer now.

 

[prassu]

I signed up for the authentication/verification thing where every time you login to a new computer (or same computer if you adjust the settings) you have to wait to receive a text message with the security code. I feel a lot safer now.

Is it SMS?? I remember seeing in a youtube video that the second authorization code will be generated randomly in a mobile app ( not sure if its android or apple). Do they give an option of both SMS & app generated code?

 

[prassu]

Good that google has brought this..Now other email providers like yahoo or hotmail will have to start following this too.But I dont think they will in the near future..

 

[jamor]

Is it SMS?? I remember seeing in a youtube video that the second authorization code will be generated randomly in a mobile app ( not sure if its android or apple). Do they give an option of both SMS & app generated code?

Hmm I haven't seen the app generated code option but maybe there is one.

They gave me the option of either receiving an SMS or a Voicemail which will have the authorization code to log into your gmail account.

 

[cds0699]

Hmm I haven't seen the app generated code option but maybe there is one.

They gave me the option of either receiving an SMS or a Voicemail which will have the authorization code to log into your gmail account.

There is that option, you can search for "Google Authenticator" in the Android market.

 

[A.Nonymous]

Google authenticator is what I use.

 

[jamor]

There is that option, you can search for "Google Authenticator" in the Android market.

Well I tried it and it doesn't work.

If you go to google verification options, there isn't an option for the app - you can only select text or voicemail in my options.

 

[prassu]

I am getting all the options text/voice call & smartphone applications. Any idea if the google authenticator app requires internet connectivity to generate the code??

SMS Option-> I dont want to have this as I travel and my sim might not have coverage.
Android App -> if its a standalone app which does not require internet connectivity all the time then it would be great for me again the reason being travel. if it is a standalone app its like having a rsa token with you..

 

[prassu]

I have configured the 2 step authentication.I have gone for the android app and it seems the best option as it does not need phone signal or internet for generating the code. Thanks all..

 

[alostpacket]

The old adage is "Something you have, something you know."

Dammit. I was using the "Something borrowed, something blue" one

I knew something was wrong...

 

[AndyOpie150]

Turn on 2 factor authentication. Fixes the problem right there. I could give you my password right now and you wouldn't be able to get into my Gmail account.

Thanks to:B2L for bringing the gmail security to our attention. Thank you for the info on the 2 step authentication. I just set it up 5 min. ago. I also got a random password generator from IObit that I'll be using on all the password protected sites that I have. Thanks again!!

 

[Covart]

So out of curiousity, if I use a 14 digit alpha/numeric and special character, non-linear password; And assume I always use private browsing and clear history and cache after every session; Additionally, let's say I access from multiple OS's, multiple computers and multiple IP addresses? How secure should I feel? Or does any of that even matter?

 

[alostpacket]

So out of curiousity, if I use a 14 digit alpha/numeric and special character, non-linear password; And assume I always use private browsing and clear history and cache after every session; Additionally, let's say I access from multiple OS's, multiple computers and multiple IP addresses? How secure should I feel? Or does any of that even matter?

That's secure in the sense that your password would be hard to brute force, but you have a single point of failure in the password. So if any of those computers end up being compromized, you could have the password itself sniffed.

That's the basic reason two-factor authentication is (generally) more secure than just passwords.