Slashdot Mirror


Escalating Gmail/Spamming Attacks

We've been getting submissions about an uptick in compromised Gmail accounts in the last few days, but nothing that could be substantiated. Robert McMillan did a bit of digging and now reports in PC World that "Google is investigating a growing number of reports that hackers are breaking into legitimate Gmail accounts and then using them to send spam messages. The problem started about a week ago but seems to have escalated over the past few days. ... [I]n forum posts, Gmail users note that the hackers appear to be sending spam via Gmail's mobile interface — which gives mobile-phone users a way to check their Gmail accounts — and wonder if there may be a bug in the mobile interface that is allowing criminals to send the spam. ... Google says there's no Gmail bug. ... 'Spammers may sometimes use a mobile interface to access accounts they have already compromised because it's simpler for bots to use this method at large scale.'" Here's how to tell if your Gmail account has been accessed by bad guys, and what to do about it.

3 of 139 comments

  1. Recent Security Theft at Google by teknopurge · · Score: 5, Interesting

    Wasn't that Google SSO (Gaia) code ganked recently? Wonder if it's connected....

  2. GMail's Security is Crap by virb67 · · Score: 5, Interesting

    Gmail's security sucks and its customer service is non-existent. Try getting Google to respond to your attempts to regain control of your own gmail account after it's been hacked.

    My friend had her gmail hacked recently. The hackers locked her out, changed her private info, and then sent this email to every single one of her contacts:

    "i'm sorry for this odd request because it might get to you too urgent but it's because of the situation of things right now,We are stuck in london right now,we came down here on vacation ,we were robbed, worse of it is that bags, cash and cards and cell phone were stolen at GUN POINT, it's such a crazy experience for us, we need help flying back home, the authorities are not being 100% supportive but the good thing is that we still have our passport but dont have enough money to get on a plane back home, and i need you to loan me some cash just to complete the ticket fee till we are back home to refund it back to you,i'm dead serious about this.hope to read back from you asap."

    The hackers then sat logged-in to her account pretending to be her, and chatted with her contacts via gmail chat begging them to Western Union cash ASAP.

    Over the course of many hours, we tried to regain control of the account via Google's automated system, but we were repeatedly denied. There was no way to contact an actual human being at Google. After a day of pleading on Google forums, control was finally returned to the account's rightful owner, but the damage was already done.

    Google encourages people to trust gmail with their most sensitive personal data. I think their negligence and lack of response regarding their own products' defects borders on criminal.

  3. Re:Breaking in? by plf5403 · · Score: 5, Interesting

    My Gmail account was accessed by the Amazon EC2 cloud about a week ago. (http://aws.amazon.com/ec2/) I have an 18 character upper/lower/numeric/special character password so I'm guessing it wasn't a dictionary attack. "Something" odd is definitely going on. I changed the account password as soon as I was alerted to the unusual IP and have been OK since, but I'm watching the access IPs like a hawk now. And no, I don't use this password for any other web site or application.