|
I was at a restaurant earlier today when my phone had notified me that there was an issue authenticating my Gmail account. I thought nothing of it and assumed it was a connection issue. When I arrived home, however, I attempted to log onto my e-mail account and the password had been changed. Luckily I had another active e-mail account which I had the password reset to.
I generally am very secure when it comes to using computers and other technology, I have a virus scanner running constantly, and scan my whole computer often. Aside from that, I'm generally intelligent enough to avoid common trojan/virus traps on the internet. I also use separate passwords for everything I do, aside from one thing...
I realized that my old PSN password was the same as my Gmail password was. I changed my PSN password when the whole compromise deal went down, but didn't realize that my password for my e-mail was the same (I'm always logged in on my personal computer/phone, so I never needed to enter it).
Incidentally the attacker was from Seoul in South Korea. I've looked around a bit and have found no way to report the attack to Google, or whoever I should report such an incident to. If anybody has any information on how/where to report such an incident it would be greatly appreciated.
Finally, if you have a PSN account, and don't have 2-step verification enabled on your Gmail account/share any passwords, get on fixing that. I had nothing of importance in my account and most of my other accounts/information seemed safe. You may not be so lucky.
|
I basically have a few sets of pw's I rotate to avoid such a problem:
1. email - gets its own
2. more secure stuff like banking, online credit card balance, etc (usually each is different)
3. basically everything else (forums, etc)
this way, if one does get compromised, it's not a big deal. especially not the forum/random signup ones.
i don't see why you'd need 2 step verification if you changed your pw and security questions already, unless the korean hacker is clairvoyant. lol. once you changed everything and go to the ip logs and click "sign out all sessions", it's basically impossible for the hacker to get back in. i just find it annoying when i need to check email and I have to always reach for my phone to get the sms code, not much point if you stay vigilant.
|
It's possible that you used your gmail to register on a shady website and used the same password as your gmail.
does that sentence make sense? i'm very tired X(
shady website registration:
xxx@gmail.com
password1
your gmail login:
xxx
password1
|
I enabled 2-step verification on Gmail soon after the PSN fiasco just because that's an account I never wanted viewed by anyone else but me.
|
On May 27 2011 14:00 Cambium wrote:
It's possible that you used your gmail to register on a shady website and used the same password as your gmail.
does that sentence make sense? i'm very tired X(
shady website registration:
xxx@gmail.com
password1
your gmail login:
xxx
password1
I understand what you're saying, and I've never done that. My e-mail had a unique password until I got a PSN account. I have a few passwords that I use for things that I don't really care about, and I am sure to never use my e-mail password for anything that I need my e-mail to register for.
Ballasdontcry, I've already done everything you've stated, and as I said I'm pretty sure that the compromise was due to the PSN issue about a month ago. Just throwing a warning out there for anybody who may have missed something like I apparently did.
|
@Zerste
glad that your carefulness has paid off
Also, thanks for warning 
|
yea my hotmail got hacked after psn thing happened. i used the same pw for it (i dont buy stuff on psn so i didnt consider it important). I used it to subscribe to junk stuff, forums, etc. but after losing the acct i realized it was a bit more important to me than i had thought.
it caused me alot of headache. and it probably had alot of personal info than i wanted it to be. but luckily it wasn't my main email acct. Whew.
|
This happened to me yesterday. And I was logged into my gmail, fortunately so I found out fast. Tried to log in my gmail on different laptop but couldn't and had to change my password.
|
On May 27 2011 14:10 Hostile wrote:
I enabled 2-step verification on Gmail soon after the PSN fiasco just because that's an account I never wanted viewed by anyone else but me.
Definitely do this. I was getting hacked up and down the wall, had numerous random security precautions, changed passwords constantly, and after I got the google authenticator (aka 2-step verification), I've had no problems since. It's sort of a paranoid move, but you really cannot go wrong with that. Good luck!
|
same happened to my gmail account a month ago, had a random login from china as well as one from seoul. no password change though. guess they dl'ed all the emails (nothing important) and thats it. changed my password, hasnt happened again since then.
|
I suggest getting several gmail accounts. I have 3 different accounts with a set purpose for each (Junk, Work, Personal). All three have different passwords. Atleast then if you get 'hacked' you dont end up losing everything.
|
If you're using an anti-virus in the first place, that's a sign you're already doing something wrong. If you're the kind of person who use an anti-virus I highly recommend getting an authenticator for anything important to you.
|
So.
The PSN thing right. Did the hackers actually get PASSWORDS?... i.e. they were stored as PLAIN TEXT?! No hashing? No salting?
WHAT?!
|
On May 27 2011 16:19 VIB wrote:
If you're using an anti-virus in the first place, that's a sign you're already doing something wrong. If you're the kind of person who use an anti-virus I highly recommend getting an authenticator for anything important to you.
Why would using Anti-virus software be wrong? It is the smart thing to do. Unless you're a security ICT professional with the weird hobby to remove worms and viruses from your computer on daily basis you should be running some anti-virus/anti-spyware software. Especially normal users.
What are you smoking? :S
|
So they attempted to reset my battle.net password, and they succeeded because when I went to log on it told me my password was incorrect. Luckily I had already enabled the 2 step verification for my google account and so they could not log into it to get any further. I reset my password for my battle.net account again, and so it should be okay now.
Now I'm just wondering what else they made off with...
On May 27 2011 16:19 VIB wrote:
If you're using an anti-virus in the first place, that's a sign you're already doing something wrong. If you're the kind of person who use an anti-virus I highly recommend getting an authenticator for anything important to you.
There's no such thing as too much security. Apparently I had not enough.
|
The problem with anti-virus software is that it takes up resources, gives users a false sense of security, and flags false positives. You're plenty safe just by updating your programs and avoiding shady websites. I don't believe there's ever been a virus that exploited an unknown/unpatched vulnerability without the user's stupidity that would have been caught by anti-virus software. The only virus I've gotten in the last 10 years was when Razer's site got hacked on the same weekend as I got a new keyboard and the hacker put viruses in all the driver downloads. Anti-virus would have warned me about that I guess, but I probably would have thought it was wrong and installed anyway. 
|
On May 27 2011 16:47 Zerste wrote:So they attempted to reset my battle.net password, and they succeeded because when I went to log on it told me my password was incorrect. Luckily I had already enabled the 2 step verification for my google account and so they could not log into it to get any further. I reset my password for my battle.net account again, and so it should be okay now. Now I'm just wondering what else they made off with... Show nested quote +On May 27 2011 16:19 VIB wrote:
If you're using an anti-virus in the first place, that's a sign you're already doing something wrong. If you're the kind of person who use an anti-virus I highly recommend getting an authenticator for anything important to you. There's no such thing as too much security. Apparently I had not enough.
It doesn't always have to be you. There's lots of websites with information about you. Every site you register can be hacked. Hell, Sony got hacked. If you would expect security somewhere, it 'd be at a big company like Sony. So you are absolutely right, one can't be too carefull.
And I would seriously consider changing ALL passwords you have. That way no matter how much they stole, they won't be able to acces any account of you anymore.(I do understand that is a lot of work though)
I hope you won't have anymore trouble from here on.
|
On May 27 2011 13:57 ballasdontcry wrote:
I basically have a few sets of pw's I rotate to avoid such a problem:
1. email - gets its own
2. more secure stuff like banking, online credit card balance, etc (usually each is different)
3. basically everything else (forums, etc)
this way, if one does get compromised, it's not a big deal. especially not the forum/random signup ones.
i don't see why you'd need 2 step verification if you changed your pw and security questions already, unless the korean hacker is clairvoyant. lol. once you changed everything and go to the ip logs and click "sign out all sessions", it's basically impossible for the hacker to get back in. i just find it annoying when i need to check email and I have to always reach for my phone to get the sms code, not much point if you stay vigilant.
Once your email is compromised, so is your 3. point, as all passwords are linked to email.
|
On May 27 2011 16:56 Blasts wrote:Show nested quote +On May 27 2011 16:47 Zerste wrote:So they attempted to reset my battle.net password, and they succeeded because when I went to log on it told me my password was incorrect. Luckily I had already enabled the 2 step verification for my google account and so they could not log into it to get any further. I reset my password for my battle.net account again, and so it should be okay now. Now I'm just wondering what else they made off with... On May 27 2011 16:19 VIB wrote:
If you're using an anti-virus in the first place, that's a sign you're already doing something wrong. If you're the kind of person who use an anti-virus I highly recommend getting an authenticator for anything important to you. There's no such thing as too much security. Apparently I had not enough. It doesn't always have to be you. There's lots of websites with information about you. Every site you register can be hacked. Hell, Sony got hacked. If you would expect security somewhere, it 'd be at a big company like Sony. So you are absolutely right, one can't be too carefull. And I would seriously consider changing ALL passwords you have. That way no matter how much they stole, they won't be able to acces any account of you anymore.(I do understand that is a lot of work though) I hope you won't have anymore trouble from here on.
Thanks. I've been changing any passwords that have given me issue. The only problem is I'm not quite sure of all of the accounts that are of importance to me off the top of my head. When I go to log onto them and find that they're locked is when I'll realize and reset them. Probably more work that way but I've changed everything I can think of.
I'm paranoid about my banking stuff though. I'm pretty sure none of the information obtainable through my e-mail was telling, but I might request a new card/change of pin. I've already changed my online banking password, but still...
|
On May 27 2011 17:02 MaxwellE wrote:Show nested quote +On May 27 2011 13:57 ballasdontcry wrote:
I basically have a few sets of pw's I rotate to avoid such a problem:
1. email - gets its own
2. more secure stuff like banking, online credit card balance, etc (usually each is different)
3. basically everything else (forums, etc)
this way, if one does get compromised, it's not a big deal. especially not the forum/random signup ones.
i don't see why you'd need 2 step verification if you changed your pw and security questions already, unless the korean hacker is clairvoyant. lol. once you changed everything and go to the ip logs and click "sign out all sessions", it's basically impossible for the hacker to get back in. i just find it annoying when i need to check email and I have to always reach for my phone to get the sms code, not much point if you stay vigilant. Once your email is compromised, so is your 3. point, as all passwords are linked to email.
I think the point is that once 3 is compromised 1 isn't, that's why 3 get's the same passwords anyway, it's not that important or secure. I use something similar.
|
On May 27 2011 16:47 Zerste wrote:
There's no such thing as too much security. Apparently I had not enough. Of course there is. If you cut your cord from the internet, turn off your computer and lock it inside a safe. You'll probably won't get a virus. But then you won't be free to use your computer however you'd want.
If you use an authenticator you're safe enough. Not doing anything stupid like not opening a porn.exe attachment on an email or not browsing with IE6 on outdated Flash. That will give you much more protection than the negligable layer of protection that an antivirus and firewall will give you.
|
On May 27 2011 17:06 VIB wrote:Show nested quote +On May 27 2011 16:47 Zerste wrote:
There's no such thing as too much security. Apparently I had not enough. Of course there is. If you cut your cord from the internet, turn off your computer and lock it inside a safe. You'll probably won't get a virus. But then you won't be free to use your computer however you'd want. If you use an authenticator you're safe enough. Not doing anything stupid like not opening a porn.exe attachment on an email or not browsing with IE6 on outdated Flash. That will give you much more protection than the negligable layer of protection that an antivirus and firewall will give you.
Well I certainly don't do anything you've said above, and yet I still had a single point of failure in my e-mail password. If I had had the 2 step verification in place before this happened, I would have gotten a useless text and not much else.
|
On May 27 2011 16:51 ShadowDrgn wrote:The problem with anti-virus software is that it takes up resources, gives users a false sense of security, and flags false positives. You're plenty safe just by updating your programs and avoiding shady websites. I don't believe there's ever been a virus that exploited an unknown/unpatched vulnerability without the user's stupidity that would have been caught by anti-virus software. The only virus I've gotten in the last 10 years was when Razer's site got hacked on the same weekend as I got a new keyboard and the hacker put viruses in all the driver downloads. Anti-virus would have warned me about that I guess, but I probably would have thought it was wrong and installed anyway.
I used to think like this. Then at the company I work every computer got infected with a worm and a ton of viruses because our manager thought like this too, and figured it would be cheaper with no anti-virus. We've been busy for 3 weeks, back-ups could not be used, all user accounts were being blocked constantly so we had to manually re-enable them, sometimes every 5 minutes. It took a lot of work and a lot of time to get things back on track. Ever since, we run anti virus software.
After that we had to scan every USB device too, and we had to set up instructions for users to scan their home pc too to prevent reinfection.
It's no fun, believe me.
The funny thing? Once we installed anti-virus everywhere, the anti-virus picked the virus up right away. We could easily remove the virus, now we only had to install the anti-virus on around 500 working stations spread all over the country. If we would have it installed before, it would have been just 1 popup with a warning, instead of 3 weeks of hard work, lost time that co-workers couldn't work, lost time the IT department couldn't work and generally just lots of money.
So please, for the love of god, just install an anti-virus program, because you underestimate the problems viruses can cause. Even if it's just your own pc, you basically need to reinstall your operating system, because some malicious software goes so deep into your operating system once its been installed, a virus scanner installed after infection can't completely kill it.
And then I'm not even talking about somebody installing some sneaky program that logs all your keys while you enter your credit numbers or do other sensitive stuff like that. The worst part is, without anti-virus, there can be such programs, without you knowing it. That is no fun, especially when your bank account is hacked.
Please, please, please just install a virus scanner.
|
On May 27 2011 17:10 Zerste wrote:Show nested quote +On May 27 2011 17:06 VIB wrote:On May 27 2011 16:47 Zerste wrote:
There's no such thing as too much security. Apparently I had not enough. Of course there is. If you cut your cord from the internet, turn off your computer and lock it inside a safe. You'll probably won't get a virus. But then you won't be free to use your computer however you'd want. If you use an authenticator you're safe enough. Not doing anything stupid like not opening a porn.exe attachment on an email or not browsing with IE6 on outdated Flash. That will give you much more protection than the negligable layer of protection that an antivirus and firewall will give you. Well I certainly don't do anything you've said above, and yet I still had a single point of failure in my e-mail password. If I had had the 2 step verification in place before this happened, I would have gotten a useless text and not much else. That's all that I'm saying, just use the authenticator and you'll be infinite times safer than with an anti-virus The 2 step sign up is pretty safe and efficient. Anti-virus are not.
|
On May 27 2011 17:15 VIB wrote:Show nested quote +On May 27 2011 17:10 Zerste wrote:On May 27 2011 17:06 VIB wrote:On May 27 2011 16:47 Zerste wrote:
There's no such thing as too much security. Apparently I had not enough. Of course there is. If you cut your cord from the internet, turn off your computer and lock it inside a safe. You'll probably won't get a virus. But then you won't be free to use your computer however you'd want. If you use an authenticator you're safe enough. Not doing anything stupid like not opening a porn.exe attachment on an email or not browsing with IE6 on outdated Flash. That will give you much more protection than the negligable layer of protection that an antivirus and firewall will give you. Well I certainly don't do anything you've said above, and yet I still had a single point of failure in my e-mail password. If I had had the 2 step verification in place before this happened, I would have gotten a useless text and not much else. That's all that I'm saying, just use the authenticator and you'll be infinite times safer than with an anti-virus The 2 step sign up is pretty safe and efficient. Anti-virus are not.
My roommate and my girlfriend are also free to use my computer at any time. I turn it off when I'm done, but I don't require a login because I don't need to explain to them the password 40 times. I have the AV there just in case. Also, I just built this computer, so I'm not too worried about resource usage.
|
I got my main account hacked a month ago. It had basically everything important. I didn't think I would get my account hacked but I did. Learned from my mistake and went with the 2-step verification thing.
Thing is, google can't really go above and beyond to get your account back since it is not a paid service. Although they have a form you can fill to try and get your account back, but the chances that you would are slim.
|
Well, Artosis said Nestea has IQ of 1000, maybe it was him that attacked you from Seoul, Korea? :D
|
I have learnt my lesson after having my account compromised twice. Got 2 step authentication in place which hopefully keeps me safe enough.
|
I honestly don't know how people get viruses.. and why they have anti-virus software to begin with.
Chrome/Firefox protect you from browser viruses and everything else is your own fault. I don't need norton slowing down my computer, I just avoid downloading obscure music torrents with 0 comments and 4 seeds.
Whoever made anti-virus is a genius.. every computer illiterate person in the world uses it now.
|
I was hacked by someone from Seoul South-Korea too a few weeks back. 3 anti virus programs found nothing, I basically only use that PW for battle.net and gomtv.net/TL. Is it possible someone broke into either of those databases?
|
On May 31 2011 23:59 Serelitz wrote:
I was hacked by someone from Seoul South-Korea too a few weeks back. 3 anti virus programs found nothing, I basically only use that PW for battle.net and gomtv.net/TL. Is it possible someone broke into either of those databases?
Similar to this, a few weeks ago I had my main email address and a spam one hacked at the same time. The 'security question' was reset to some language (Korean or Chinese) that I didn't understand at all. I certainly didn't set it to those characters, and had to Google translate it and it said 'Favourite historical figure' and I was like 'whaaaaat?'
Horrible thing is after sending in the help form to Hotmail, answering so many questions and putting as much info as I possibly could (including listing dates of a good number of emails, subjects and some of their content) they said 'We cannot verify you, stranger. Piss off'.
Surely some Korean or Chinese hacker twat logging in with a totally different IP address in a totally different country should alert them to the fact its not me? Perhaps someone logging in on a new IP never used before in a country I've never logged into that account on ever, changing passwords, changing contact details, security questions etc AND language settings suddenly all at once SHOULD flag as dodgy to them?
No, perfectly fine and I am apparently not who I say I am. Twats!
Needless to say I signed up to a gmail account after having my hotmail one uneventfully for about 9 years. Sod them.
|
Bot edit.
User was banned for this post.
|
Hyrule19220 Posts
|
|
|
|
|
|
EPT
