4

Earlier today, I received an automated text from Google stating..

Google blocked someone with the password for (email address) from signing in to the account. Learn more: google.com/signins

I immediately changed my password. I checked where in the world the sign in came from, and it said Luang Prabang in Laos. I'm in the UK.

I only use this account so that I can subscribe to a number of users on Youtube, so I really can’t see why it’d be a target. I haven't had to type the password into this account recently (we’re talking months) as my phone remembers the password and stays logged in. I haven’t used this password on any other accounts of mine and would consider myself to practice good cyber security.

Unlike Colonel Panic’s question (How did someone log-in to my Gmail account from Kenya?), this was actually somebody else signing into my account.

My question is, how has a complete stranger managed to get access to the password for my personal account?

Cthulhu
  • 143
  • 1
  • 4
  • There's no guarantee it _was_ a complete stranger, they could be using a VPN, Tor, or a proxy that exits in Laos. – AndrolGenhald May 24 '18 at 14:53
  • Does it mention what type of device/browser was used to attempt logging in? – Sonickyle27 May 24 '18 at 15:33
  • @Sonickyle27 there was a computer screen icon so assuming a PC. No other info apart from the IP address! – Cthulhu May 24 '18 at 15:35
  • you can protect your account using a 2nd factor https://support.google.com/accounts/answer/185839?hl=en –  May 24 '18 at 17:07

1 Answers1

4

There were dozen possibilities for the compromise, Let me say the possible exploitation where hacker might got your password :

1)You might be reusing the same password again :

You might be having the password which was reused from any of the breached accounts, Inorder to check whether your account comes under breach you can check under sites like haveibeenpwned.There were sites like databases.today which provide breached database information too.

2)You might be victim of keylogger or any spy programs :

You might have copied a song/movie/software to a friend through USB drive and your friend might possibly sent keylogger or copied passwords along with it.

3)You might be used your gmail in open wifi hotspot :

This is the worst case of you being targetted , You might be signing in open wifi hotspot where your password might be sniffed.

4)You might be using weak password/your security question might be very easy to crack

5)you might be shoulder-surfed.

Now let's see what we can do next :

  • Never repeat passwords
  • Enable two step authentication for your gmail account
  • Clear all active sessions in your account
  • Check for apps which has authorization and remove it[privacy check of google does it]
  • Always have a habit of scanning pendrive before copying using antivirus scanners which is maintained uptodate
  • Never use weak passwords and have a eye over the security questions which you have set
  • Never signin at open wifi hotspots.
Community
  • 1
BlueBerry - Vignesh4303
  • 5,107
  • 13
  • 34
  • 63
  • 1
    Regarding open WiFi: Google in particular uses https, and uses it correctly: your password should only ever be sent encrypted to Google's servers even on open WiFi. – Ben May 25 '18 at 17:37