Monday, April 19th, 2010

The Gmail Hack Mini-Epidemic!

Google's game will never be overHave you or your friends had your Gmail accounts hacked for the purposes of shilling Viagra? The good news is that you're not alone. The slightly troubling news is that this mini-epidemic has been ensuing for quite a while in Internet time, and there doesn't really seem to be much news on what, exactly, is going on!

Google's official support forum has a lengthy thread on the hacks, started by someone who felt the pain on April 10:

Checking further I could see someone logged in to my account from Mobile device from brazil and I never use mobile device. Am from India only. Anyway changed my password.
Am not sure if this is a bug with gmail or GMAIL SERVER HACKED? I don't know how to report to gmail team ? How can a free account person contact gmail to report these kind of security issue ?

And the problems have persisted since then and spread; the thread is slowly filling with other victims, while my Facebook feed and inbox has been liberally sprinkled with apologies over the hack, which seems to target only a few members of each victim's contact list at a time.

The messages I've received from hacked contacts are pretty minimalist in their sales pitch: There's just an unfamiliar name in the subject line, and a cryptic URL in the body, which one assumes the recipient is more likely to click since the message is coming from someone trusted, or at least "trusted" enough to have the recipient's e-mail address. That URL redirects to a site offering cheap Viagra (of course). And there's proof that the mails were sent from the accounts themselves, and not via spoofed return addresses as often happens with spam; the messages are all in the victims' sent-mail folders, which should reveal that these boner-pill purveyors are not all that interested in covering their tracks.

A friend who had his account compromised over the weekend relayed his story, which is pretty much the same story as the ones posted on the aforelinked help forums, only with added customer-service agita:

When I checked to see the login log, it was normal except for Brazil. I was in and shut it down immediately. I am just paranoid that I won't be able to get back into my account. And you know, Google is useless — you can't call and talk to them.

He changed his password as suggested and flagged the account as compromised — which locked him out of it for 24 hours, making him wonder if he'll even have e-mail when all is said and done. (Surely Google's many server farms can spare him some backup space, but who knows!) It's also worth noting that he only logged into his account from his own computer and his mom's. (He's never used the mobile interface.)

One online security firm is speculating that the hackers are spoofing IP addresses from other countries while engaging in the account-compromising.

The way this is spreading — and the lack of official word on just what, exactly, might be going on — is enough to make you want to go back to the safe haven provided by Elm and Pine! Or, since both those programs seem to be dormant as far as being worked on, a hosting provider with a customer-service department, although now a lot of those places are outsourcing their e-mail services to Google too. So I guess just change your password for now and hope for the best?

15 Comments / Post A Comment

johnpseudonym (#1,452)

are things going ok Awl?

not the type to be this forward, could've sworn i saw you by the gas station.

if you're not busy would you possibly view this here,

xoxox me

Sackin (#2,393)

Plus side of these hacks? Getting to see all the other random email addresses the sender has in their contacts list, since the hackers don't have the courtesy to bcc.

All weekend I was asking people "You'd tell me if I sent you a virus, right? Right?" Now I can just check my sent folder (it's clean so far!) Thank you for addressing this.

katiebakes (#32)

Hate to be the one to tell you but you have some Viagra links stuck in your teeth.

sox (#652)

I remained unreachable by phone all weekend and it was awesome. I have not listened to ANY of the seven messages my mother left.

sunnyciegos (#551)

It's not just gmail. Happened to my old hotmail account last month, so, people who I haven't talked to in 5 years who still have hotmail and aol accounts, haha. Sorry.

mjfrombuffalo (#2,561)

Me too, this weekend, Yahoo account.

bronwyn (#3,351)

Yep, totally happened to my Hotmail account a few months ago as well, someone purporting to be hocking off cheap Macbooks. One of my friends, clearly not so tech savvy, wrote back saying: "Hey, that is a cheap deal, thanks for letting me know".

The hackers also deleted all my inbox, and all my contacts. That was very annoying.

jfruh (#713)

ANOTHER DATA POINT: This exact thing happened to my wife about two or three months ago — except that she has a yahoo mail account, not Google. The link in the spam message was to a Google Pages or Base or Sites (or one of their damn thingies) page that had already been taken down by the time anyone who reported back to us had had a chance to click on the link.

The upside is all the random people who relplied to say "How nice to hear from you? That link doesn't work, by the way."

Hirham (#1,709)

I think I was hit by some google over-reaction to this last week- I haven't actually spammed anyone yet, but get so many of those fake 'unable to deliver'messages that gmail locked me out for a day.

On reflection, that doesn't seem like the same issue, really, and I've just seized this opportunity to vent. As you were.

Thanks for name-checking Elm and Pine; I'd forgotten they existed.

MikeBarthel (#1,884)

I currently have the much nicer version of Pine, Alpine, in one of my tabs. Admittedly I go to UW, but still.

gotham (#1,572)

this happened to me just this wkend. it was a friend's goggle account that got hacked though. same thing, name in subject line, and just a link. which, of course, I clicked on thinking he was sending me something.

Amy Urbanowicz (#4,483)

happened to me and 3 other people i know today, only 1 of whom was in my contacts…2 others were Aol accounts.

rosiefantail (#1,039)

Elm and Pine! I haven't used either of those since maybe 1998. I don't think I'd even remember how to use them if either one were on my computer right now.

Post a Comment