grumpymole’s posterous

a stream of stuff i like with a few of my own posts thrown in 

What to do when your Gmail and Google Apps Account Get Hacked

December 18, 2009

Gmail Account and Google Apps Got Hacked

[Screenshot: Google Account Hacked]

I frequently get "password assistance" emails in my Gmail inbox containing a link to reset the password of my Google Account (see screenshot). Since I never initiate such requests myself, someone else has clearly been trying to get into my Google account.

I generally ignore such emails as they also say:

If you’ve received this mail in error, it’s likely that another user entered your email address by mistake while trying to reset a password. If you didn’t initiate the request, you don’t need to take any further action and can safely disregard this email.

I got a similar email last night and ignored it as usual. Within the next five minutes there was a message on my BlackBerry saying that the device was having trouble fetching email from my Gmail and Google Apps accounts. Microsoft Outlook had stopped working too by then.

Things were now no longer in my control. Someone had successfully managed to change the password of my Gmail account and my Google Account, and the most terrifying part was that the hacker had also gained control of my Google Apps account, which is linked to labnol.org and other web domains.

When something like this happens, you get that "sinking feeling", because now all your private information (email correspondence, documents, bank statements, photographs, etc.), your identity on the social web (Twitter, Facebook, Blogger, etc.) and, most important, your online business are no longer in your hands.

I make a living from this blog but if someone else takes control of the site (by changing a couple of passwords and DNS records), the going can get really tough.

How were the Google Accounts hacked?

I use a fairly strong password, so guessing it would be hard. And the fact that a password-reset email arrived first suggests that the attacker went through the account-recovery process rather than cracking the password itself.

My guess is that, since my Gmail account was set as the secondary (recovery) email address of my Google Apps account, the attacker first got into the Gmail account and then used it to reset the passwords of my other Google accounts: whoever can read the recovery mailbox receives the reset links. This seems probable, but I am not sure.
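
To make that chain concrete, here is an added example (not code from the original post) that models recovery addresses and auto-forwards as a small graph and computes which accounts fall once an attacker can merely read one inbox. It also covers the auto-forward warning in tip #2 below. The account names, and the starting assumption that the attacker has read-only access to the primary Gmail inbox, are hypothetical.

```python
"""Password-recovery dependency model.

Added example, not code from the original post. It models the chain the post
hypothesises (Gmail set as the recovery address of the Google Apps admin) and
the auto-forward mistake that tip #2 warns against. Account names are
hypothetical.

Two kinds of edges:
  recovery[account] = mailbox   the account's reset link is e-mailed to mailbox
  forwards[mailbox] = other     mailbox auto-forwards a copy of its mail to other

Rule: whoever can READ a mailbox can follow any reset link delivered to it,
log in to that account, and thereby read that account's mailbox too.
"""


def blast_radius(start, recovery, forwards):
    """Accounts an attacker can take over starting from READ access to `start`.

    Returns (compromised, readable):
      compromised - accounts whose password the attacker can reset and use
      readable    - mailboxes whose inbound mail the attacker can read
    Computed as a fixpoint over the two edge types.
    """
    readable = {start}
    compromised = set()
    changed = True
    while changed:
        changed = False
        # A mailbox that auto-forwards into a readable mailbox is itself
        # readable: its reset links get copied to where the attacker is.
        for mailbox, target in forwards.items():
            if target in readable and mailbox not in readable:
                readable.add(mailbox)
                changed = True
        # An account whose reset link lands in a readable mailbox falls, and
        # once the attacker logs in, its own mailbox is readable as well.
        for account, recovery_mailbox in recovery.items():
            if recovery_mailbox in readable and account not in compromised:
                compromised.add(account)
                readable.add(account)
                changed = True
    return compromised, readable


# Constructed graph resembling the post's setup: the Apps admin and a Twitter
# account recover through the primary Gmail; Gmail recovers through a backup
# mailbox at another provider.
RECOVERY = {
    "gmail-primary": "yahoo-backup",
    "apps-admin@example.org": "gmail-primary",
    "twitter": "gmail-primary",
}


def scenario(backup_forwards_to_primary, separate_admin_recovery=False):
    """Attacker has read access to the primary inbox only (as with a POP fetch
    set up by someone who once knew the password); vary two settings."""
    recovery = dict(RECOVERY)
    if separate_admin_recovery:
        # Tip #2 applied to the Apps admin: its own recovery mailbox, not Gmail.
        recovery["apps-admin@example.org"] = "apps-recovery"
    forwards = {"yahoo-backup": "gmail-primary"} if backup_forwards_to_primary else {}
    return blast_radius("gmail-primary", recovery, forwards)


if __name__ == "__main__":
    for fwd, sep in ((True, False), (False, False), (False, True)):
        compromised, _ = scenario(fwd, sep)
        print(f"forward={fwd!s:5} separate_admin_recovery={sep!s:5} "
              f"-> compromised: {sorted(compromised)}")
```

Running it shows the two points the post makes: with Gmail as the admin's recovery address, read access to the Gmail inbox is enough to take the Google Apps domain, and with the backup mailbox forwarding into Gmail the attacker can also reset Gmail's own password. Giving the admin account its own recovery mailbox shrinks the set of accounts that fall.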

As soon as I discovered that the accounts were hacked, I posted a message on Twitter, contacted a couple of people at Google and filled in their account recovery forms to verify ownership. I consider myself lucky because several people went out of their way to help me, and access to all the accounts was restored within the next three hours. The nightmare was over.

Things to do before the hackers strike again!

I won't ever know who that hacker was, except that he left a brief message in my Inbox saying that he didn't hack my Google account with bad intentions and that he "enjoys exploring the web for vulnerabilities". The note also says that he urgently needs money and asks for a specific amount.

Anyway, here are a few important things I learned in the process that you may want to implement at your end as well, though it's hard to say whether they will stop a determined attacker from taking over your Google accounts:

#1. Log in to your Gmail / Google Account and associate a phone number. You'll then receive an SMS text message whenever someone tries to recover your Google password. Keep the phone locked: whoever holds it can receive that message too.

#2. Create a new email address (on another provider such as Yahoo! Mail, or on Gmail itself) and set it as the secondary email address for your existing Gmail and Google Accounts. Give it a password you use nowhere else, and check it manually or through a desktop client over POP3 / IMAP, but do not auto-forward its mail to your main account: the reset links for your main account would then land in the very mailbox an attacker is reading, which defeats the purpose.

#3. Take a sheet of paper and write down the following details about your Google Account. You will need them to prove your identity to Google if someone takes over both your Google Account and the secondary email address associated with it.

  • The month and year when you created your Gmail / Google Account.
  • If you created a Gmail account by invitation, write the email address of the person who first sent you that invite for Gmail.
  • The email addresses of your most frequently emailed contacts (the top 5).
  • The names of any custom labels that you may have created in your Gmail account.
  • The day/month/year when you started using various other Google services (like AdSense, Orkut, Blogger, etc.) that are associated with the Google account that you are trying to recover. If you’re not certain about some of the dates, provide your closest estimate.

#4. Do a test run. Log out of all your Gmail / Google Accounts and start the password recovery process for each of them using Google's account recovery form. This confirms that your SMS settings and secondary email addresses are configured correctly before you actually need them.

#5. Once in a while, look at the "Last account activity" line at the bottom of your Gmail inbox (and its "Details" page), which lists the IP addresses and access types (browser, POP3, mobile, etc.) from which your account has been used. If you find an IP address you don't recognise, change your Google password immediately, use "Sign out all other sessions", and then check your settings for forwarding addresses, POP/IMAP access and filters that you did not create.

The person who hacked my Gmail accounts had configured his Hotmail account to fetch mail from them, so he could effectively read all my email remotely from his Hotmail inbox without ever logging into my Google account again. I only figured that out after I saw an IP address from a Microsoft server in my Gmail activity log.
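
As an added example (not code from the original post) of the check in tip #5, the following script parses a constructed activity table in the shape of Gmail's "Last account activity" details and flags rows from unknown networks or with access types the owner never set up, which is what a third-party POP3 fetch like the one described above would look like. The sample rows, the known-network list and the expected access types are assumptions.

```python
"""Review of a Gmail-style "Last account activity" table.

Added example, not code from the original post. It flags entries that a
practitioner would want to look at: access from networks the owner never
uses, and access types (such as a POP3 fetch by a third-party mailer) the
owner never configured. The sample rows and the allow-lists are constructed;
the IP addresses come from the RFC 5737 documentation ranges.
"""
import ipaddress
import re
from collections import namedtuple

Entry = namedtuple("Entry", "access ip when")

# Constructed sample in the shape of the activity table: access type, IP, time.
SAMPLE_ACTIVITY = """\
Browser   203.0.113.7      2009-12-17 22:05
Mobile    203.0.113.7      2009-12-17 22:10
POP3      198.51.100.21    2009-12-17 22:12
Browser   192.0.2.44       2009-12-17 22:20
IMAP      203.0.113.9      2009-12-17 23:00
"""

# Hypothetical: the networks the owner connects from, and the ways the
# owner's own clients (browser, phone, desktop IMAP client) reach the account.
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
EXPECTED_ACCESS = {"Browser", "Mobile", "IMAP"}

_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})$")


def parse_activity(text):
    """Parse the activity table into Entry records. Malformed lines raise
    rather than being skipped: a silently skipped line is a missed login."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unparseable activity line: {line!r}")
        access, ip, when = m.groups()
        entries.append(Entry(access, ipaddress.ip_address(ip), when))
    return entries


def suspicious(entries, known_networks=KNOWN_NETWORKS,
               expected_access=EXPECTED_ACCESS):
    """Return a list of (entry, reasons) for entries worth investigating."""
    findings = []
    for entry in entries:
        reasons = []
        # An address outside every known network: someone else's connection,
        # or a server fetching on their behalf.
        if not any(entry.ip in net for net in known_networks):
            reasons.append("IP outside known networks")
        # An access type the owner never set up (e.g. POP3 when only IMAP and
        # the phone are in use) points at a mail fetcher configured by someone else.
        if entry.access not in expected_access:
            reasons.append(f"unexpected access type {entry.access}")
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in suspicious(parse_activity(SAMPLE_ACTIVITY)):
        print(f"{entry.when}  {entry.access:8} {entry.ip!s:16} {'; '.join(reasons)}")
```

On the constructed sample the POP3 row from 198.51.100.21 is flagged on both counts, and the browser login from 192.0.2.44 on the network check alone. A finding like the first one is the cue to change the password, sign out all other sessions and then remove whatever forwarding, POP access or filter was added.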

For Google Apps users

If you have lost access to your Google Apps dashboard, you will have to create a new CNAME record (in the DNS settings at your domain hosting company) pointing to google.com, to prove that you are the actual owner of the domain. Check that the new record is visible from a public resolver before you submit the form, since Google has to be able to see it. The URL for resetting the password of your Google Apps domain administrator is:

https://google.com/a/cpanel/xyz.com/VerifyAdminAccountPasswordReset

[*] Replace xyz.com with your own domain address.



Find this article at: http://www.labnol.org/internet/gmail-and-google-apps-hacked/11799/

Tags: Internet

Reader Comments

Hey Amit,

I see an Airtel IP in the log.
Was that an Indian guy who hacked it?
And did you talk to him?

Written by Soam on 12.18.09

Gmail got hacked again! A shock!

Written by Satya Prakash on 12.18.09

Wahh.. That was scary. Good that finally you got the control back. Thx much for all tips.

Written by Technologymadness.com on 12.18.09

That must have been a real nightmare. Do post here if you ever figure out how they hacked into your account in the first place. Maybe if you weren’t using HTTPS, they sniffed the last email (the password reset one from Google) and then followed the link to reset the password?
Just thinking.

Written by Rajesh J Advani on 12.18.09

Hi Amit
Thank you for all this superb advice and I’m glad you regained control as rapidly as you did.
I had no idea that you could register a phone number, now it’s done!
Thank you again for one of the most important posts of the year… should be read by anyone with a gmail account.

Written by App Developer on 12.18.09

Thanks for putting in all that information, sir. It's really horrifying to know that somebody can possibly take control of what is ours so easily.
Nice to feel that you were promptly rescued.
But thank god that I maintain all the services (AdSense, PayPal, banks & wp-login) with different accounts, and thanks to Digsby & KeePass that I never link any account with another. Maybe earlier it felt stupid to check them all manually, but now I feel happy that I did that.
Anyway, I have bookmarked this page for a similar day in the future (but with my fingers crossed, praying that such a day never comes).

Written by Soumen Halder on 12.18.09

Thanks for sharing this. I hope I can protect my account better in the future. No wonder, experience is the best teacher.

Written by Faisal on 12.18.09

Ohh… This is scary. Hope none of your critical information is compromised.

Written by Vinod on 12.18.09

Happy to know that you restored your account but the event is scary, particularly to those having a lot of vital information online attached to email IDs.

One correction Amit – You have to provide another email address as the secondary email, and not Gmail. Google won’t accept Gmail.

Thanks much for the info, much appreciated !

Written by Mani Karthik on 12.18.09

Where can I find all the information you mentioned in step 3?

Written by YT on 12.18.09

Glad that you got your account back Amit.
The points which you have mentioned are really valuable for all GMail users. Thanks!

Written by Ramanujam on 12.18.09

Hi Amit,

That was scary. Thank goodness you managed to recover your email. How much did you give that dude? What did Google say / comment?

I normally change my password randomly throughout the year. BTW, how do we know when our Gmail account was created if, like me, we have deleted all our old emails?

Written by calvin on 12.18.09

Amit,
Good to hear that you got access back.
I think some of your tips could backfire though.
The easiest password hacking is social engineering. Keeping that in mind, the most vulnerable part of password security is the "recovery process". So here are my tips:
Do not reuse your Gmail password anywhere else, EVER.
Do not use any meaningful password recovery question or answer. Chances are, if you forget your Gmail password because of amnesia, you will probably forget your secret answer too. Secondly, any hacker with a good IQ will immediately change the recovery question and answer, so it is useless against a good hacker. The only instance a recovery question is useful is if you routinely change your password and have forgotten it. I have not seen any scientific evidence that routinely changing your password decreases the chance of hacking.
Do not use a recovery phone number. Imagine this: someone steals your phone, then figures out your email address. The next thing they can do is go to the Google password recovery option and make a recovery request that sends one via SMS to your phone. So unless you think that you are never going to lose your phone, do not do this.
Do not use recovery emails to your work or any other less secure email address. Again, it's easy to hack your work email and then make a recovery request for your Gmail password to that work email. Even if you make a new Gmail account and make that your secondary email address, its use is very doubtful, as the first thing a good hacker will do is update the recovery email.

Written by Sam on 12.18.09

Good to hear that you got your google accounts back.

Written by Joel on 12.18.09

Useful information, so thank you for that. But there is a big issue here, and it is difficult to know how to proceed. Even if you knew the details of how you were hacked, you would not want to disclose them. But others with Google Apps accounts need to be able to do a risk assessment: is it reasonably safe to risk your data with Google? I suspect Google will eventually have to be more proactive in communicating about security.

Written by Sam Denby on 12.18.09

Is there any way to get the answers to #3 online? I don't remember some of them.

Written by AC on 12.18.09



Very useful information.

