Someone’s Trying to Hack My Gmail AccountPosted: February 2, 2008
UPDATE: Now my Yahoo! account has been hit. I don’t know what’s happening. I’m not being able to log-in. I use this email for a lot of correspondence work. I had used this account to purchase a domain name today and my credit card detail’s stored. This Yahoo! account was earlier being used as the Alternate Email address for my GMail account. Before this problem started, I’d changed the alternate email address for my GMail account. I’ve been trying to log in. Doesn’t work. I’m trying to use the Forgot Password Page. But all that I get is a BLANK PAGE. No Password. I am on hold with Yahoo! Small Business Center because I bought a domain through them and my Yahoo! Mail account is linked to my Domain account. Let’s see if they’ll be able to help…else I don’t know what to do.
In the mean time, if you want to contact me, email me at timeandagainblog at gmail dot com. I’ll answer your comments once this tension is over. Please bear with me. If you have any advice, please leave me a comment or an email at the above mentioned GMail address.
A couple of weeks back, Ish had written a post saying that someone is trying to hack his GMail account. The same thing’s happening to me now. I got a “Change Password” link in my secondary e-mail address thrice. Good thing that I was online when this happened.
Me: Is this a genuine email? This can’t be happening to me!
Yahoo! Mail: Yes, this is a genuine email. We’ve verified it.
Me: Okay! I gotta think fast.
So, I deleted those emails with the “Change Password” links. Next, I logged into my Google account and Changed the Password and the Security Question too. Unfortunately, I use the same Google account for all my services- Google Mail, Google Reader, Google Analytics, Google Calendar, Google Notebook et al. Not to forget, the most important of all, Google Checkout, which has my credit card details. So, I’ve deleted that too. The last thing I want to be hit with is a bill costing me thousands of dollars.
The GMail account associated with this ID is quite important because I use it for lots of important work. Anyway, after doing some preliminary damage control, I sat down to think who could be behind this attack. Can be anyone, unfortunately. People are so curious to know about other people’s private lives…it’s quite funny.
Did the hacker really think that clicking the “Forgot Password” link would be a good way to hack into my account? Didn’t he know that the “Forgot password” link would be delivered in my secondary e-mail address? I’m guessing that whoever tried this method is probably an amateur hacker.
This incident reminds me of another one that happened a couple of months back. One of my good friends tried to hack into my Yahoo! Mail account. I was dumb enough to assume that nobody will ever try to hack my email account. This friend knew enough about me to guess the answer of the Security Question. The next day, I tried to log into my Yahoo account and failed to do so. It didn’t even occur to me that it might have been hacked. I thought that Yahoo’s server must be down.
Next, I logged into my GMail account to check my emails. To my surprise, the very first email was from my friend, explaining to me that he tried to hack into my account and has not read any of my personal emails and he’s very sorry about it. He also gave me the new password. Now starts the fun part. I logged into my Yahoo! account to change the Password and the Security Question. Well…there was no direct link to change the Security Question! Can you believe it? I had to contact Support and verify my identity. A whole bunch of administrative hassles later, my Security Question was changed.
1. Never ever trust anyone. By anyone, I mean just that. Look at my friend. If a friend tries to hack into your account just because he’s very curious, can you blame a stranger?
2. Don’t panic. First do the needful (Change your password and Security Question). If you have confidential information in your email account, then forward those emails to another account and then delete them from the primary email address.
3. I’m thinking of contacting Support, but probably it won’t help. The GMail help section says:
When an attempt to recover your Gmail username or password is made, an email from Google is automatically sent to your secondary email address.
If you didn’t request to recover your username or password, you can ignore the message. If you’re concerned about the security of your account, we recommend changing your password and security question.
The Gmail Team isn’t able to provide you with information about attempted logins to your account including, but not limited to, the IP address from which the attempted login was made, and the time and date attempted logins occurred.
So there is no way that I’ll get to know who did this sinful deed. But you can follow these directions in case your account gets compromised.
4. I tried the “I cannot access my account link” and clicked on “Forgot my password”. After I entered my username, I got this message:
We’ve sent instructions to the secondary email address you provided during signup.
If you don’t have a secondary email address, or if you no longer have access to that account, please try the ‘Forgot your password?’ link again after five days. At that point, you’ll be able to reset your password by answering the security question you provided when you created your account.
To prevent someone from trying to break into an account you’re actively using, the security question is only used for account recovery after an account has been idle for five days. The Gmail team cannot waive the five day requirement or access your password under any circumstances.
If you’re unable to answer your security question or access your secondary email account, we regret that the Gmail team cannot provide further assistance. If you’re concerned about the security of your account, please visit our Security Center.
So, this person might try to retrieve my password after the five day lock period is over. On my part, I’ve changed the Security Question and no one knows the answer except me. Unless the person uses a brute force mechanism. *shudders* I like the way GMail is handling this by providing a five day safety period. That’s an amazing find because it gives me an opportunity to react and change the password/security question in the mean time.
Yahoo! has started a sign-in seal process that will help you distinguish a genuine Yahoo! site from a phishing site. It’s a good idea to do that. Earlier, I had seen that sign-in seal process only while signing into my credit card accounts. Good to know that email service providers have also introduced such a feature. I’m waitig for GMail to come up with something like this too.
In other tech news, Microsoft has offered to buy Yahoo! for $44+ billion. This came as a big surprise to me. Ballmer has been trying to acquire Yahoo! since more than a year. Yahoo’s share price has been declining since a couple of months. Recently, it hit an all time low of $20. Just two days back,
Layoffs and a refocusing effort can only do so much. CEO Jerry Yang needs to find exciting new products or services if he hopes to make Yahoo sing again.
Shortly after, I read this piece of news about Microsoft’s public offer to buy Yahoo! Yahoo’s share price increased as soon as this piece of news was disseminated. Google’s share price has recently been on a downward spiral, because the company has missed the earning estimates of the analysts. Nevertheless, Yahoo and Microsoft are facing increasing pressure on account of Google’s Search Engine.
Yahoo! has a very strong brand value, which, in my opinion will be compromised if this deal fructifies. Even Ballmer has said that he’s not sure if the brand name “Yahoo” will remain. As an avid Yahoo! user, I’m not very happy with this announcement. My dislike for Microsoft is well known. All that Microsoft will bring to board is its 75,000+ strong work force, who’re anyway bundled up with useless ideas. Yahoo’s email service and the photo sharing service Flickr are really popular. But it does lag behind Google by a very wide margin in the search engine depart. Perhaps an acquisition with help Microsoft, which has the 3rd highest share in the Search Engine market, compete with Google on an equal footing.
Almost all of Google’s income is due to its Adsense business, which is indirectly a success thanks to its killer search engine. If Microsoft were to acquire Yahoo, the former will capture Yahoo’s market share and also bring on board its R&D department (how good is the R&D department….is another question) and tremendous wealth. Recently, Microsoft posted high profits on account of its new Operating System Vista and very low profits in all other departments. Perhaps this deal is all that this company needs to revive itself. Maybe Microsoft will still manage to screw up its business. Who knows. Merging two companies that have different work cultures, different product offering, different set of business principles and ethics is not so easy. Not to forget, lots of Yahoo! employees will be laid off, in addition to the already announced 10,000+ people who are being given the cut. This will only leave the other employees disgruntled. On top of this, imagine working for a new boss. The problem will only aggravate for people who are higher up in the corporate ladder.
It takes a couple of years (in the very minimum) to pull off such an acquisition. $44 billion is not exactly peanuts either. Ballmer says that he’ll save at least a billion dollars if this deal comes through. Let’s hope he’s right and let’s hope that Yahoo and its products survive. He’s known for his craziness and I hope that this is not one of his “pet projects”.
In the mean time, you might want to look for other email and photo sharing applications. I don’t know if Yahoo! Mail and Flickr will remain the same.
UPDATE: Found this on Digg- What Will Happen To Flickr if MSFT Buys It