Google constantly being hacked
Discussion
I keep getting email from Google telling me my account has been hacked:
[i]Hi MY NAME,
We recently blocked a sign-in attempt to your Google Account [MY EMAIL@googlemail.com].
Sign in attempt details
Date & Time: Sunday, March 1, 12:00 PM GMT
Location: United Kingdom
If this wasn't you
Please review your Account Activity page at https://security.google.com/settings/security/acti... to see if anything looks suspicious. Whoever tried to sign in to your account knows your password; we recommend that you change it right away.
If this was you
You can switch to an app made by Google such as Gmail to access your account (recommended) or change your settings at https://www.google.com/settings/security/lesssecur... so that your account is no longer protected by modern security standards.
To learn more, see https://support.google.com/accounts/answer/6010255...
Sincerely,
The Google Accounts team[/i]
I've changed my password four times now, the last time to a 10-character random number and letter string, but it is still getting compromised.
Any ideas what is going on?
boyse7en said:
I've changed my password four times now, the last time to a 10-character random number and letter string, but it is still getting compromised.
Any ideas what is going on?
Is it actually from Google?
The access is being blocked every time according to Google, so it's not been compromised?
It could be something as simple as someone trying to log into their account which is something similar to yours. I have a regular email coming round from family that I don't have, the intended recipient has the same address as me, just without the dot between our first and second names.
On the other hand, it could be a specific attack at your account (amongst millions of others) based on your email address. It's still not been compromised? What Google are saying is change the password to be a complicated one that isn't in a dictionary to make it harder and harder to guess, not that you just need to change your password from password to mypassword
Edited by andy-xr on Monday 2nd March 09:51
furtive said:
^ Very much this
Also, check that the links direct you to actual Google pages (if you hover over the link, it should pop up the actual address you'll be taken to which can be different from what's displayed in the message).
I never click on links within these sorts of emails, better to go search for the page yourself so you know you're not being directed to a copy designed to harvest your login details.
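The hover check described in the post above can be automated for an HTML message body. This is an added example, not part of the original thread; the trusted-domain list, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("google.com",)  # assumption: domains this example treats as genuine

def host_of(url):
    """Lower-cased hostname of a URL ('' if none); bare 'www.' text is accepted."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def is_trusted(host):
    # Exact match or a true subdomain; "google.com.evil.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class _Links(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Return (target_host, reasons) for each link that deserves suspicion."""
    parser = _Links()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        target, reasons = host_of(href), []
        if not is_trusted(target):
            reasons.append("target is not a trusted domain")
        if text.lower().startswith(("http://", "https://", "www.")) and host_of(text) != target:
            reasons.append("displayed address differs from target")
        if reasons:
            findings.append((target, reasons))
    return findings

# Constructed sample message body (not a real e-mail; paths are placeholders).
SAMPLE = """<p>Review your <a href="https://security.google.com/constructed-path">Account Activity page</a>.</p>
<p><a href="http://accounts.google.com.signin-check.example/login">https://accounts.google.com/</a></p>
<p><a href="https://support.google.com/constructed-help">https://support.google.com/constructed-help</a></p>"""
```

Only the second link is reported: its real host merely starts with a Google-looking name, and the address shown to the reader is not where it leads.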
boyse7en said:
it is still getting compromised.
No it isn't. The email from Google tells you that they BLOCKED the attempt. Someone is trying to sign on as you and failing.
However, the advice given above about 2-factor auth. and more complex passwords is valid and should be followed to reduce the chances of the attempted sign-ons becoming successful.
Has anyone actually read the OP?
The claim is that someone is continually attempting to access his GMail using the correct password, despite it being changed.
This seems unlikely to me, but if it is the case, then you need to look at the root cause: i.e. you have a keylogger or other means of security compromise on your machine, or less alarmingly, that you are triggering these security warnings yourself.
Edited by trashbat on Monday 2nd March 10:25
Because, like when your bank rings you to query a transaction, it either correlates with a known attack pattern or doesn't fit the expected usage pattern.
So maybe for example: signing in from a random Russian IP whilst the phone is still in the UK, or using a strange browser signature, or the same IP is trying to automatically log in to loads of accounts at once, or whatever.
trashbat said:
Has anyone actually read the OP?
The claim is that someone is continually attempting to access his GMail using the correct password, despite it being changed.
This seems unlikely to me, but if it is the case, then you need to look at the root cause: i.e. you have a keylogger or other means of security compromise on your machine, or less alarmingly, that you are triggering these security warnings yourself.
Ooops. Missed that.
OP - do you have any new devices or have any devices changed networks recently (e.g. mobile phones, tablets, laptops)? ISP using dynamic IP allocation and migrated you to a different block?
That can trigger the Google system to throw a warning about unknown logins from unexpected locations until you authorise them.
Edited by marshalla on Monday 2nd March 10:38
trashbat said:
Because, like when your bank rings you to query a transaction, it either correlates with a known attack pattern or doesn't fit the expected usage pattern.
So maybe for example: signing in from a random Russian IP whilst the phone is still in the UK, or using a strange browser signature, or the same IP is trying to automatically log in to loads of accounts at once, or whatever.
Didn't realise that. Nice to hear.
As above. The answer is 2-Step authentication and a few different AV scans of your PC - Malwarebytes etc
Since the trigger originates in the UK during UK daytime, I reckon the probability is high that the OP is activating the alerts himself, although I don't know why he wouldn't notice the failure to sign in.
Maybe a phone trying to sync, or some software like a messenger app that integrates into GMail but doesn't produce a highly visible failure - or alternatively, malware attempting to log in from his own PC, but that seems unlikely.
sgrimshaw said:
LordGrover said:
^^ googlemail addresses do not distinguish dots before the @.
my.name = myname = myna.me
You learn something new every day .....
Thanks for that gem
I get these every now and then since blocking access to less secure apps in the Account settings. I figured that's how I'd leave it unless I find something doesn't work that I want to. Check your account settings OP under the signing in section for Access to less secure apps and see if it's set to Block.
I did it after getting the check your account security settings to get 2Gb free on Drive.
jammy_basturd said:
Started using a VPN recently?
I've been using free zenmate vpn which has five locations, one in the UK, then US, DE, CH, HK and I've had the Google change password thingy as they think I'm signing in from a different country when signing in to gmail, guess their pattern matching says can't be in all locations in such a short space of time, sent him a 'passwordy' email.
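The "can't be in all locations in such a short space of time" check mentioned in the thread is commonly called impossible-travel detection. The sketch below is an added example, not from the thread and not Google's actual logic; the speed threshold, event fields, coordinates and sign-in records are all constructed assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumption: roughly airliner speed; anything faster is suspect

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(events, max_kmh=MAX_KMH):
    """Return (from, to, km/h) for consecutive sign-ins of one account
    that would need a travel speed above max_kmh."""
    flagged, last = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last.get(ev["account"])
        if prev:
            hours = (ev["time"] - prev["time"]).total_seconds() / 3600
            km = km_between(prev["pos"], ev["pos"])
            # Simultaneous sign-ins from different places count as infinite speed.
            speed = km / hours if hours > 0 else (float("inf") if km > 0 else 0.0)
            if speed > max_kmh:
                flagged.append((prev["where"], ev["where"], speed))
        last[ev["account"]] = ev
    return flagged

def _ev(account, hhmm, where, pos):
    t = datetime.strptime("2015-03-01 " + hhmm, "%Y-%m-%d %H:%M")
    return {"account": account, "time": t, "where": where, "pos": pos}

# Constructed sign-in records: "alice" hops between VPN exit countries,
# "bob" signs in twice from the same place.
UK, DE, HK = (51.5, -0.13), (50.1, 8.68), (22.3, 114.2)
SAMPLE = [
    _ev("alice", "09:00", "UK", UK),
    _ev("alice", "11:00", "DE", DE),   # ~640 km in 2 h: plausible
    _ev("alice", "11:30", "HK", HK),   # thousands of km in 30 min
    _ev("alice", "12:00", "UK", UK),
    _ev("bob", "09:10", "UK", UK),
    _ev("bob", "09:15", "UK", UK),
]

if __name__ == "__main__":
    for src, dst, kmh in impossible_travel(SAMPLE):
        print(f"{src} -> {dst}: {kmh:,.0f} km/h")
```

A legitimate user on a multi-country VPN produces exactly the flagged pattern, which is why such a check leads to a warning or a step-up challenge and not to proof of compromise.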