5

This morning, I've not been able to login to my Google Account.

Google says, my account has been compromised and I had to walk through account credentials recovery and verify (SMS to verify phone number, changing password)

Now, after securing my accounts again, is there any possible investigation?

I'm interested in:

  • Type of access (now saying unknown in activity log)
  • What data has been exposed during session
  • What settings was changed, if any ...

And I'm sure, that if anybody logged into my account, he didn't used his own computer, so the IP and location from activity log is kinda unhelpful.

Is there possibility of getting these informations?
And is it good idea to take some legal steps against the hacker, or it's unnecessary and/or impossible to take action?

Marek Sebera
  • 2,223
  • 3
  • 20
  • 27
  • 1
    Google is under no obligation to share this information with you. I have had this happen to me before, on an account I know for fact wasn't compromised, activity logs showed strange activity yet the activity from myself didn't match my location. One example is having mobile actvity from say NC while being in SC. – Ramhound May 16 '12 at 11:16

2 Answers2

6

The only thing you can do is take a look at the "Recent Activities".

You can find it by

  1. clicking on the gear icon at top right of your Gmail page
  2. then selecting Settings,
  3. scrolling to the bottom of the subsequent screen and...
  4. clicking the Details hyperlink at the bottom right, right beneath where it says something like, "Last activity in this account : xx hours ago".

When you click on the Details link, you'll have a list of all active current sessions for your Gmail account. You can close them by clicking the button, "Sign out all other Gmail web sessions".

You'll also find a table listing the last 10 access to your account. Try to find an IP address that doesn't belong to you, it might help. (But it's just an IP, and as you may know, this can be falsified :/).

That's the only thing you can investigate for sure.

But you can see if mails has been sent (look in the Sent folder, but maybe the attacker as deleted them, so look in the Trash folder. But again, maybe the attacker has deleted them for good).

You cannot exactly know what kind of information has been exposed (account password or access sent in your email, information regarding your contact such as email, telephone, etc, nor any settings that have been changed).

Now, I warmly recommend you to enable the two way authentication system from Google, in order to ensure an higher layer of security for your Gmail account.

ShieldOfSalvation
  • 173
  • 1
  • 9
Cyril N.
  • 2,649
  • 2
  • 18
  • 28
  • The two-way authentication will probably solve this to future. But I'm afraid, I won't get logs of `suspicious activity` from Google easily. That's the problem, as data in my account are business-critical and I need to know if anything leaked and what. – Marek Sebera May 16 '12 at 15:16
  • If your data are "business critical" you should start thinking seriously about on-line security (since you didn't have 2FA you probably aren't doing it now)... – Ricky Dec 18 '18 at 09:52
1

That would be a difficult process and the attacker might be using services like TOR or hidemyass, so the IP will not be the same as his location. Think why did the attacker choose you? How did he know your email address? Maybe you use your single account for both personal and business purposes.

I believe a person must have at least 3 email accounts:

  • 1 for Business
  • 1 for Personal Purposes
  • 1 for signing up on non-sense shit.
dr jimbob
  • 38,768
  • 8
  • 92
  • 161
thepunjabigeek
  • 11
  • 1