Hacked Gmail Accounts - Hacked Gmail Passwords

[popowich]

Warning! It is being reported that Gmail accounts are currently easily hackable:

Hacking Gmail accounts with password reset system vulnerability | The Hacker News - Security Blog

It is not known yet if this is a confirmed vulnerability, or if 2-step verification can prevent it, but it can't hurt to enable 2-step login verification now on your account if you have not already:

http://www.emailquestions.com/gmail/3509-setup-gmail-2-step-verification.html

If your account has already been hacked please see this guide:

http://www.emailquestions.com/gmail/1111-recover-lost-gmail-password.html

 

[Big Dan]

Thanks for the heads up Ray!

 

[popowich]

The password reset bug being reported is already fixed.

 

[THERESA]

Everyone should still have two step verification in place on all of their emails.

 

[Big Dan]

Everyone should still have two step verification in place on all of their emails.

I've had two step on my Gmail account for quite a while. It's a great security feature. The only problem I've had with it which was my fault is the time I flashed my phone and forgot to turn off 2 Step on my accounts. What a PITA that was. Luckily I had backup codes in a true crypt volume that I knew the password too.

I have two step on my primary Gmail, Lastpass, Dropbox, Dreamhost, CMS Commander, and Digital Point (not sure why DP, I rarely login).

Lastpass recently started supporting Transakt which I'd never heard of. I trust Lastpass though and they put it into the fold it must be good. So, I tried it out. It's neat. Basicly on login you get a notification on your phone to accept or approve login, no copying of codes needed. Transakt still has codes for backup purposes but it's a whole lot easier just to hit accept rather than remember a 6 digit code.

 

[popowich]

2 million accounts hacked (including Gmail accounts)

2 million Facebook, Gmail and Twitter passwords stolen in massive hack - Dec. 4, 2013

Yet another reason to enable 2-step verification if you didn't do it yet:

http://www.emailquestions.com/gmail/3509-setup-gmail-2-step-verification.html

 

[foggy]

Yet another reason to enable 2-step verification if you didn't do it yet:

Yes, indeed.

But it's also a reason why I like to go to an email-only service (i.e. no social type stuff [like Google+, chat, etc.]) with low cost and great customer support. I use Fastmail, Runbox and EuMX. True, the services I have right now don't have 2FA (yet). But for the time being I think they're still mostly 'under the radar.' Besides, I do have a 30+ character password for each of those accounts, so I should be okay if those passwords get stolen, no?

Anyway, I'll inform my relatives who have Yahoo accounts (since those were also hacked) about the password theft. There doesn't seem to be a publicly accessible list of exactly whose account passwords were stolen.

 

[popowich]

I don't think trying to fly "under the radar" is safe, and I also don't think FastMail is under the radar since most Top10 listings include that service.

No 2FA for FastMail accounts?

 

[foggy]

Well, there's an optional 2FA at FM, but it's more for safety away from home, i.e. if you're logging in on a public computer, you can use a one-time password with 2FA, so that if someone sees the password used they're prevented from gaining access to your account on two fronts (OTP and 2FA). But the main account can still be accessed by using the master password alone.

For any interested, see this thread (and the FM rep's response in post #6).

Edit: EQ isn't allowing my link {fixed link}

 

[popowich]

I fixed the link, you were missing the http:// in front of it, which defaults the forums to putting http://www.emailquestions.com/ in front of it.