Hacked Gmail Accounts - Hacked Gmail Passwords

Discussion in 'Gmail' started by popowich, Nov 22, 2013.

  1. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,983
    Likes Received:
    120
    Warning! It is being reported that Gmail accounts are currently easily hackable:

    Hacking Gmail accounts with password reset system vulnerability | The Hacker News - Security Blog

    It is not known yet if this is a confirmed vulnerability, or if 2-step verification can prevent it, but it can't hurt to enable 2-step login verification now on your account if you have not already:

    http://www.emailquestions.com/gmail/3509-setup-gmail-2-step-verification.html

    If your account has already been hacked please see this guide:

    http://www.emailquestions.com/gmail/1111-recover-lost-gmail-password.html
     


  2. Big Dan

    Big Dan EQ Forum Moderator Staff Member

    Joined:
    Aug 14, 2008
    Messages:
    647
    Likes Received:
    16
    Thanks for the heads up Ray!
     

  3. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,983
    Likes Received:
    120
    The password reset bug being reported is already fixed. :yay:
     
  4. THERESA

    THERESA Customer Service Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    884
    Likes Received:
    11
    Everyone should still have two step verification in place on all of their emails.
     
  5. Big Dan

    Big Dan EQ Forum Moderator Staff Member

    Joined:
    Aug 14, 2008
    Messages:
    647
    Likes Received:
    16
    I've had two step on my Gmail account for quite a while. It's a great security feature. The only problem I've had with it which was my fault is the time I flashed my phone and forgot to turn off 2 Step on my accounts. :hammer: What a PITA that was. Luckily I had backup codes in a true crypt volume that I knew the password too.

    I have two step on my primary Gmail, Lastpass, Dropbox, Dreamhost, CMS Commander, and Digital Point (not sure why DP, I rarely login).

    Lastpass recently started supporting Transakt which I'd never heard of. I trust Lastpass though and they put it into the fold it must be good. So, I tried it out. It's neat. Basicly on login you get a notification on your phone to accept or approve login, no copying of codes needed. Transakt still has codes for backup purposes but it's a whole lot easier just to hit accept rather than remember a 6 digit code.
     
  6. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,983
    Likes Received:
    120
  7. foggy

    foggy Valued Member

    Joined:
    Oct 23, 2010
    Messages:
    320
    Likes Received:
    23
    Yes, indeed.

    But it's also a reason why I like to go to an email-only service (i.e. no social type stuff [like Google+, chat, etc.]) with low cost and great customer support. :D I use Fastmail, Runbox and EuMX. True, the services I have right now don't have 2FA (yet). But for the time being I think they're still mostly 'under the radar.' Besides, I do have a 30+ character password for each of those accounts, so I should be okay if those passwords get stolen, no?

    Anyway, I'll inform my relatives who have Yahoo accounts (since those were also hacked) about the password theft. There doesn't seem to be a publicly accessible list of exactly whose account passwords were stolen. :confused:
     
  8. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,983
    Likes Received:
    120
    I don't think trying to fly "under the radar" is safe, and I also don't think FastMail is under the radar since most Top10 listings include that service.

    No 2FA for FastMail accounts?
     
  9. foggy

    foggy Valued Member

    Joined:
    Oct 23, 2010
    Messages:
    320
    Likes Received:
    23
    Well, there's an optional 2FA at FM, but it's more for safety away from home, i.e. if you're logging in on a public computer, you can use a one-time password with 2FA, so that if someone sees the password used they're prevented from gaining access to your account on two fronts (OTP and 2FA). But the main account can still be accessed by using the master password alone.

    For any interested, see this thread (and the FM rep's response in post #6).

    Edit: EQ isn't allowing my link {fixed link}
     
  10. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,983
    Likes Received:
    120
    I fixed the link, you were missing the http:// in front of it, which defaults the forums to putting http://www.emailquestions.com/ in front of it.
     

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...