The State of Hacked Accounts

Orome1 writes "Most users get hacked at high rates even when they do not think they are engaging in risky behavior, with 62% unaware of how their accounts had been compromised, The results of a Commtouch survey presenting statistics on the theft, abuse and eventual recovery of Gmail, Yahoo, Hotmail and Facebook accounts, shows that less than one-third of users noticed their accounts had been compromised, with over 50% relying on friends to point out their stolen accounts. Also, more than two-thirds of all compromised accounts are used to send spam and scams, which is not surprising, as cybercriminals can improve their email delivery rates by sending from trusted domains such as Gmail, Yahoo, and Hotmail, and enhance their open and click-through rates by sending from familiar senders."

Re:This will never end

[IamTheRealMike]

I work for Google on anti-hijacking and account security. The message you saw is very common. The cause is that there was an attempt to abuse your account to spam your friends. One of the popular tools that does this identifies itself to Gmail as various types of mobile phone, which is why it shows up as such in your account history. In fact, it's a regular program that runs on the desktop. No XSS involved.

In this case, it sounds like we detected the hijacking attempt, rejected the spam, sent your account to phone verification and forced you to choose a new password. This is a standard procedure for when we detect a hijack attempt at mail send time. We're getting better at stopping these attempts at login time using heuristics, so it'll become less common in future.