How To: Find Out if Your Gmail Account Has Been Hacked


Several handy tips for discovering if your Gmail account has been compromised by hackers.

Hackers are always trying to gain access to the email accounts of unsuspecting users, and unless you’re vigilant, a successful break-in can have disastrous consequences. Email providers like Google, for example, provide ever-expanding storage space in which tons of emails containing sensitive personal information can be stored. A hacked email account can also be used to reset passwords for third-party sites like Amazon.com, eBay, or your financial institution, leading to the leak of sensitive banking information, credit card numbers, purchasing history, and more. Hackers can also use Gmail’s contacts list to wage phishing attacks on friends and family members in your name.

For many, the breach can go unnoticed for some time because we take it for granted that our email account is safe and secure. “It could never happen to me” seems to be a common refrain, but we forget that many times we’re logging into our Gmail accounts from unsecured locations like coffee shops and libraries where hackers can easily sniff Wi-Fi traffic and pick up user names and passwords.

If you suspect your Gmail account has been hacked, or just want to make sure it hasn’t, I’ll run through the steps necessary to find out for sure. I’ll also go over how to make your Gmail account even more secure to prevent future hacks.


Go to “Last Account Activity”

Open your Gmail account. Beneath the right-hand part of your Gmail inbox you’ll see the words “Last account activity” and a link for “Details.” Select “Details.”

Check Your Recent Login Activity

In the screen that appears you’ll see a list for all the “Activity on this account.” It’ll list your login sessions by “Activity Type” (browser, mobile, POP3, etc.), IP address, and the date and time your account was accessed.


Verify Correct IP Address Access

Does anything look suspicious? Did you access your Gmail account with a mobile device at 4 o’clock in the morning, for example? How about the IP addresses? If you see more than one, you’ll want to make sure they’re from the places you’ve accessed your account, or at the very least from the right city and country.

Not sure what the IP address is for your location? It’s listed at the bottom, “The computer is using IP address ‘xxxxx’ (Country (State/Province)).” Does it match with what’s listed above it?


Google offers a free IP address lookup option; simply type “what is my IP address” in the browser. Check to make sure the numbers match up (keep in mind proxies, VPNs, etc. will distort the results).


Check for Concurrent Activity

The activity information screen will also tell you if your account is open in another location. If it is, select “Sign out all other sessions” and change your password immediately just in case.
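
The checks in the steps above (unfamiliar IP address, odd hour, unexpected activity type, account open somewhere else) can be applied mechanically to the activity list, as in this added Python example, which is not part of the original article. It matches addresses against network ranges rather than single IPs, because home and office addresses change from one login to the next. The sample rows are constructed, and the known networks, access types, quiet hours and overlap window are assumptions to replace with your own.

```python
import ipaddress
from datetime import datetime

# Constructed sample rows mirroring the columns of Gmail's "Activity on this
# account" list: activity type, IP address, local date/time. Not real data.
SAMPLE_ACTIVITY = [
    ("Browser", "203.0.113.25", "2012-03-05 08:14"),
    ("Mobile", "203.0.113.90", "2012-03-05 12:40"),
    ("POP3", "198.51.100.7", "2012-03-06 04:02"),
    ("Browser", "192.0.2.44", "2012-03-06 04:05"),
]

# Assumptions: the networks you really sign in from, the access types you use,
# the hours you are normally asleep, and how close two accesses must be to
# count as the account being open in two places at once.
KNOWN_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "192.0.2.44/32")]
KNOWN_TYPES = {"Browser", "Mobile"}
QUIET_HOURS = range(1, 6)          # 01:00 to 05:59 local time
OVERLAP_SECONDS = 10 * 60


def review(rows):
    """Return [(row, [reasons])] for every row that deserves a closer look."""
    parsed = [(kind, ipaddress.ip_address(ip), datetime.strptime(ts, "%Y-%m-%d %H:%M"))
              for kind, ip, ts in rows]
    findings = []
    for row, (kind, ip, when) in zip(rows, parsed):
        reasons = []
        if not any(ip in net for net in KNOWN_NETWORKS):
            reasons.append("unknown network")
        if kind not in KNOWN_TYPES:
            reasons.append("unused access type")
        if when.hour in QUIET_HOURS:
            reasons.append("quiet hours")
        # A different IP active within the window suggests a concurrent session.
        for _, other_ip, other_when in parsed:
            gap = abs((when - other_when).total_seconds())
            if other_ip != ip and gap <= OVERLAP_SECONDS:
                reasons.append("near-simultaneous access from another IP")
                break
        if reasons:
            findings.append((row, reasons))
    return findings


if __name__ == "__main__":
    for row, reasons in review(SAMPLE_ACTIVITY):
        print(row, "->", ", ".join(reasons))
```

A flagged row is a prompt to look closer, not proof of compromise: a VPN, proxy or mobile carrier can put a legitimate login outside the known ranges.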


Change Your Password

The days of using basic words or phrases are over. Gmail crackers using simple dictionary attacks have made it easier than ever before to hack your account. A quick tip for creating secure and memorable passwords is to combine two or more words.

cat + dog = cdaotg.

Sprinkle some numbers and capital letters in there to be even safer.

CAT + dog + 491 = Cd4Ao9Tg1

Good luck trying to hack a password that’s “Cd4Ao9Tg1.”


Check Authorized Sites, Apps, and Services

I know of friends that have had their Gmail accounts compromised repeatedly, and all have failed to check what sites, apps, and services have been granted access to their accounts. Go HERE and check to see what is listed. Select “Revoke Access” for anything you’ve never heard of, or simply no longer want to allow access to your Gmail account. The fewer the better is my motto.


Stay tuned.

[email protected] | @jaredmoya

Jared Moya
I've been interested in P2P since the early, high-flying days of Napster and KaZaA. I believe that analog copyright laws are ill-suited to the digital age, and that art and culture shouldn't be subject to the whims of international entertainment industry conglomerates.
Eugebel

Hi there!

I came across this post because I am trying to solve a hacking problem. Yesterday someone broke into my PayPal account and from that moment, my gmail related account started acting pretty strange and today I realized I am not receiving any emails from my contacts. I just checked the authorized access... section of this post, and found this enabled: accounts.zoho.com

Could this be the problem? I have no idea of what this might be.

Thanks in advance

Nene

Thank you I got hacked and this is so helpful

Anonymous

and after this post we find out that most of gmail passwords are “Cd4Ao9Tg1” :D

Jeff

I would argue this article is useless in 2012. In 2008... it would have been fine. But the Threat Vector has changed since then, as has Google's Tools. First off, most IP addresses now are not static, but DHCP and/or Proxy derived. Which means that there is the potential of evil computers in your neighborhood or your office using (one of) your IP address(es). The casual reader will be confused to see that they may use any of 256/1024/2048 IP addresses in a range on their DHCP server, and/or that your entire office shows up as 1 IP address in the eyes of Google. Either way, the 'are you hacked' analysis is very short-sighted. The whole premise of generating hard to guess passwords is stupid given that gmail supports strong Authentication now, via one time password (OTP) generators. OTP passwords are much better than complex passwords, and with the prevalence of smartphones, zero cost to implement. That and the fact the password gen process was harder than hard. Author should read the academic journals on password entropy and its effects on password cracking before suggesting their algorithm (no non alphanumeric characters?). And the password generated would require it being written down, causing it not to be a 'secret' anymore. Better to use the xkcd.com (http://xkcd.com/936/) theory of 4 random words. And note, even that is not of much use if your browser/desktop is susceptible to a MiTM/B attack. Having a strong lock but no other security on your access is a false sense of security. If you haven't patched your OS, Browser, Flash, Adobe, Java, and all the other internet components, you shouldn't worry about password complexity, because they'll just steal it via a key logger, or just wait until you log in and then execute attacks under your session auth.

tom

thank you, was really useful, nice tips


