Google hacked?
15 September 2009
When I tried to check my Blogger blog, Notes from underground, and my Gmail account, I got this message:
We’ve detected suspicious activity on your Google Account. Please create a new password to continue using your account.
Read some tips on creating a secure password.
Now that really does look suspiciously like a phishing expedition!
Does anyone know what’s going on?
Anyway it doesn’t look as though anyone will be able to contact me through my Gmail address for a while, or perhaps for ever. So for contact information see here. And there I was recommending Gmail as so much more reliable than Yahoo!
7 Comments
leave one →
Khanya 
Based on the links in the message, it looks like it’s really from Google (i.e., not phishing). Maybe your password was somehow compromised, or some bizarre combination of normal things you did got interpreted as abnormal by Google.
Just to be on the safe side, I wrote to them to check, and I did not use that form, but followed their regular procedure to reset my password, and that worked.
But the form that popped up looked exactly like the kind of phishing attempts I see quite frequently.
Hi Steve,
I’m guessing someone tried to access your Google account a number of times which ended up locking your account.
A few months ago I had to reset my google password. Somehow someone had hacked into it and replaced my sig file with advertising and reset things so that anyone who wrote to me got an automatic reply (using the out-of-office facility) with some advertising message. At first I thought it was just a spoofer imitating my address, but then discovered I had in fact been hacked. So I reset password: I had qute a difficulty in finding one that was sufficiently robust by their standards and which I thought I could remember!
I postulate, then, that there is a bit of an industry somewhere (Nigeria?) in having a go at google accounts to crack passwords. I consider myself fortunate that worse was not done.
For important accounts, I now tend to go for ‘strong encryption’ passwords …
You should have had a strong password to begin with…
letters numbers symbols.
Try not making it any easier for people cracking your account than it needs to be…
Think about it for a moment.
You have no idea how strong or weak my original password was, nor had the person/people who were attempting to crack it. The “suspicious activity” was presumably their attempts; I have nove evidence that they succeeded, and all Google knew was that they were trying.
What I was objecting to was that their attempt to warn me that someone might be trying to log into my account looked suspiciously like a phishing attempt. itself. That was why I did not respond to it immediately, but ran a few tests for key-press loggers and the like first.
Hi. Yes, that email from google is right. You’ve been hacked. It happened to me. Don’t know how as I’m very cautious and have high security. But, it stole all my contacts and sent malicious emails to them then deleted all my contacts, so I couldn’t send a warning not to open the mail AND to add it added all my contacts to my contacts in my email address! Absolutely ridiculous! I hope the person who caused this bs is caught. The IP addressed that hacked in my google is from China. You can also see what IP addressed hacked into your account my going to account activity in your google services.
Peace,
AMY