Have you or your friends had your Gmail accounts hacked for the purposes of shilling Viagra? The good news is that you're not alone. The slightly troubling news is that this mini-epidemic has been ensuing for quite a while in Internet time, and there doesn't really seem to be much news on what, exactly, is going on!
Google's official support forum has a lengthy thread on the hacks, started by someone who felt the pain on April 10:
Checking further I could see someone logged in to my account from Mobile device from brazil and I never use mobile device. Am from India only. Anyway changed my password.
Am not sure if this is a bug with gmail or GMAIL SERVER HACKED? I don't know how to report to gmail team ? How can a free account person contact gmail to report these kind of security issue ?
And the problems have persisted since then and spread; the thread is slowly filling with other victims, while my Facebook feed and inbox has been liberally sprinkled with apologies over the hack, which seems to target only a few members of each victim's contact list at a time.
The messages I've received from hacked contacts are pretty minimalist in their sales pitch: There's just an unfamiliar name in the subject line, and a cryptic URL in the body, which one assumes the recipient is more likely to click since the message is coming from someone trusted, or at least "trusted" enough to have the recipient's e-mail address. That URL redirects to a site offering cheap Viagra (of course). And there's proof that the mails were sent from the accounts themselves, and not via spoofed return addresses as often happens with spam; the messages are all in the victims' sent-mail folders, which should reveal that these boner-pill purveyors are not all that interested in covering their tracks.
A friend who had his account compromised over the weekend relayed his story, which is pretty much the same story as the ones posted on the aforelinked help forums, only with added customer-service agita:
When I checked to see the login log, it was normal except for Brazil. I was in and shut it down immediately. I am just paranoid that I won't be able to get back into my account. And you know, Google is useless — you can't call and talk to them.
He changed his password as suggested and flagged the account as compromised — which locked him out of it for 24 hours, making him wonder if he'll even have e-mail when all is said and done. (Surely Google's many server farms can spare him some backup space, but who knows!) It's also worth noting that he only logged into his account from his own computer and his mom's. (He's never used the mobile interface.)
One online security firm is speculating that the hackers are spoofing IP addresses from other countries while engaging in the account-compromising.
The way this is spreading — and the lack of official word on just what, exactly, might be going on — is enough to make you want to go back to the safe haven provided by Elm and Pine! Or, since both those programs seem to be dormant as far as being worked on, a hosting provider with a customer-service department, although now a lot of those places are outsourcing their e-mail services to Google too. So I guess just change your password for now and hope for the best?