Gmail Hacked, What to Check after?

spackbace on 31/08/2018 - 12:05
Last edited 31/08/2018 - 13:37

Update: missing emails explained (google drive full), but need to deal with random Linux login of my account

Sigh Great start to a Friday. Checked my phone and my emails have been deleted back to Wednesday, which seemed weird. Upon further research, found out my account had been accessed by a Linux system (don't believe I have anything that would use that)

So, Gmail password changed, 2-stage login setup (yeah yeah I know), all devices except my phone are logged out.

What next? What else should I check/change?

I think it's the home pc or wifi that's compromised, though I can't do anything about that till I get home from work. The Linux login was in my suburb, so it's either my pc or a neighbour afaik. My wifi password is pretty strong, at least I thought so.

No friends/family have received dodgy emails.

There was also a login from the Linux system on the 6th August :/

Electrical & Electronics

Related Stores

Google
Google

Comments

  • HighAndDry on 31/08/2018 - 12:05
    +7

    Sigh Great start to a Monday.

    Well at least I have some good news for you…?

    • spackbace on 31/08/2018 - 12:06
      -1

      Lol replying 30 seconds after I post, jees!

      And shh, I've only had the 1 coffee so far 😂

      • HighAndDry on 31/08/2018 - 12:10

        Hahaha, I probably am on here too much.

        What next? What else should I check/change?

        Yeah the bad news kinda continues though - you really need to check/change everything that you've used that Gmail as a primary or secondary verification email for, because for 99% of sites, password/login resets are just a verification email. The rest of the sites that are better… having access to your email makes social engineering the non-email part of any account reset verification process that much easier.

        Though it's also weird that they've deleted all the emails back to a certain day, and that makes me think they might've signed up for something using your details (if it's a local IP address, have you not received any kind of ID recently or had any ID in the mail that could've been copied/put back?). In which case, I'd go for a full credit freeze through the 3 credit agencies, and check for new credit cards, paypal accounts, personal loans. Actually - opt for a full credit check with one of the credit agencies to see if "you" have signed up for anything at all.

        • spackbace on 31/08/2018 - 12:13

          Nah, can't think of any ID that would've been due to come in by post

        • HighAndDry on 31/08/2018 - 12:15

          @Spackbace: Hmm, that's at least a good sign. Email getting hacked is bad enough - but from a local IP? That's… eugh. Brings an extra layer of creepy to the table.

        • spackbace on 31/08/2018 - 12:16

          @HighAndDry:

          Haven't checked IP but suburb was identical

        • HighAndDry on 31/08/2018 - 12:19

          @Spackbace: Ah gotcha. Yeah - there's no positive side to this that I can see. It's either actually someone local, or someone spoofing it to look local. The first option is just creepy not to mention the potential safety implications, the second points to something serious because that's not a trivial thing to do. I'm definitely on the paranoid/cautious side, but I'd personally get a credit freeze to be safe.

  • Diji1 on 31/08/2018 - 12:20
    -1

    I think it's the home pc or wifi that's compromised

    Or router.

  • spackbace on 31/08/2018 - 12:26

    Ok new problem, I'm not receding any new emails from outside sources! Tried sending one from another email and it didn't come through

  • spackbace on 31/08/2018 - 12:36

    Wait… Sorted the send/receive new emails issue… Gmail/google drive was out of space 😂

    • HighAndDry on 31/08/2018 - 12:44

      LOL! I wonder if the other issues might also be linked then? I can't see how they would, but I'm also not in any kind of IT field.

      • spackbace on 31/08/2018 - 12:49

        The missing emails are likely explained by that

        As to the Linux login, I need to sort that out somehow.

        My Gmail login goes way back to Gmail beta, and I'm one that just leaves emails on there lol just deleting all unread emails now just to clear it. Doubt there would be anything meaningful that I haven't read

        Gmail is using up 12gb of my 15gb storage lol

  • CyberMurning on 31/08/2018 - 12:38
    +1

    check this
    https://haveibeenpwned.com/

  • [Deactivated] on 31/08/2018 - 13:05
    +1

    does it give you more information than "linux system" as there are a lot of devices that run on variants of linux

    • spackbace on 31/08/2018 - 13:07

      Nah it doesn't unfortunately

  • Gronk on 31/08/2018 - 13:34

    Are you broadcasting a WiFi network at home? And if so, is your router firmware up to date?

    Netgear have had more than one instance where exploits have been found with their consumer hardware which allows people to take full control of it (via wifi) and access your network, I'm sure other brands have had similar issues. I'm not saying that's what's up, but the fact that the location was local to you makes it seem more likely.

    I'd also run a malware scan on your PC just to be on the safe side, especially if you're unsure how they got your password.

    Google Authenticator is your friend ;)

  • [Deactivated] on 04/09/2018 - 00:08

    Actually hacked, do you reckon, or has it dawned that you probably weren't?

    Versions of Android TV will see report of Linux, because the codey kernel.
    If any logins via older tab/phone, earlier Android versions frequently reported as Linux. Some browsers/individual updates can still do that, even with recent versions running.
    Xbox360 OS also has Linux kernel.

    YouTube logins, or to anything else, utilising Google Account Credentials/GAC, spa..? Likely some or other, there are your, most likely benign in nature, Linux logins.

    Unless a preponderance of evidence suggests otherwise, you can probably/safely go back to your old password. If not using a password manager, maybe before you forget your new one…

    :)

    • spackbace on 04/09/2018 - 01:13

      Yeah some googling showed that some Android apps might appear as Linux :/

      • [Deactivated] on 04/09/2018 - 09:15

        You did jump off the paranoia deep-end, but hackers looking for weaponised quokka secrets via WA residents is indeed a real concern.

        Vicious quokkas our only hope until the French subs arrive.

  • [Deactivated] on 10/09/2018 - 03:25

    For maybe anyone searching linux keyword on OzBargain, because that (just like weaponised quokkas), highly possible…
    :)

    Article arguably interesting - https://www.zdnet.com/article/even-linus-torvalds-doesnt-com…

Login or Join to leave a comment
Login Join