My Gmail Was Hacked!

Here's some advice I recently gave to someone for steps to take after getting hacked. If you have any questions, feel free to email me with them at my gmail account of chinatablet.

Check your account settings (two places)

  1. (1st Place) : Click on your name (upper right) and select account. Check the security settings, and change any security answers, or change both question and answer.
  2. (2nd Place) : Click on the gear icon upper left, below your name, and select "Settings" from that menu.
  3. Search your email for the words "password", "pwd", "pass". This would give you an idea of other accounts they would have access to immediately. Typically, however, hackers will delete any "change password" emails immediately after using them to get to your OTHER accounts, such as Facebook, BANK, Apple, Amazon, credit cards, twitter, etc.
  4. Scroll to the bottom of the gmail webpage. On the right side, click on "Account Activity" and then on "Details".
  5. Consider setting up "two-factor authentication" on your gmail account. Typically, it would send an SMS to your phone as a secondary verification path.
  6. After all of the above, change your gmail password again if any of the above showed signs of being active (forwarded emails, etc).
  7. Check your iTunes account and Amazon accounts for unusual activity. Change those passwords too! <smile>. Please do not use the same passwords on any of these accounts.

Why change all my other passwords?

Assume they used your gmail account to get OTHER passwords, such as facebook, twitter, bank, amazon, etc. (All they have to do is click "lost my password" on another site and it sends an email to your gmail account -- assuming you used the gmail account to register there). I actually have a different email account for some sensitive registrations.

Change ALL of those passwords too. Especially Apple iTunes, Amazon, other online catalogs, etc.
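The search from step 3 can also be run offline to build the list of other accounts whose passwords need changing. The script below is an added example, not part of the original advice; it assumes you have exported your mail to an mbox file (the file name `export.mbox` and the function name `accounts_at_risk` are made up for illustration), and the sample messages are constructed.

```python
import email
import re
from collections import defaultdict
from email.header import decode_header, make_header
from email.utils import parseaddr

# Same search terms as step 3, matched as whole words in the subject line.
KEYWORDS = re.compile(r"\b(password|pwd|pass)\b", re.IGNORECASE)


def accounts_at_risk(messages):
    """Map sender domain -> subjects of password-related mail from that domain."""
    hits = defaultdict(list)
    for msg in messages:
        # Subjects may be RFC 2047 encoded; decode before matching.
        subject = str(make_header(decode_header(str(msg.get("Subject", "")))))
        if not KEYWORDS.search(subject):
            continue
        _, addr = parseaddr(str(msg.get("From", "")))
        domain = addr.rpartition("@")[2].lower() or "(unknown sender)"
        hits[domain].append(subject)
    return dict(hits)


# Constructed sample messages standing in for a real mailbox.
SAMPLE = [email.message_from_string(raw) for raw in (
    "From: Example Shop <no-reply@shop.example>\nSubject: Reset your password\n\nClick the link.",
    "From: bank@bank.example\nSubject: Your PWD was changed\n\nIf this was not you...",
    "From: friend@mail.example\nSubject: Lunch on Friday?\n\nSee you there.",
    "From: no-reply@shop.example\nSubject: Password changed successfully\n\nDone.",
)]

if __name__ == "__main__":
    # For a real export (assumed file name):
    #   import mailbox; messages = mailbox.mbox("export.mbox")
    for domain, subjects in sorted(accounts_at_risk(SAMPLE).items()):
        print(f"{domain}: {len(subjects)} message(s)")
        for s in subjects:
            print(f"    {s}")
```

An empty result does not mean the other accounts are safe, since the reset emails are often deleted right after they are used; treat every service registered to this address as exposed.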

Use a password manager that stores on your local computer, such as Roboform (paid), or LastPass (free). Never use the same password on different services.

If you find any evidence of other activity, consider alerting Google to it as well. They might have further logs to chase down hackers.

Gmail has a new "two factor" authentication system that you should take advantage of. "Authentication" basically means proving who you are, by typing in a password, etc. "Two factor" means that you have to prove who you are in two steps whenever you sign in on a new computer (you can still tell it to remember you). One example of a second method of proof would be if Gmail sent you an SMS code on your phone. A hacker wouldn't normally have your phone as well. Of course, that does mean that you shouldn't store passwords on your phone, in case your phone gets stolen!

In fact, please get in the habit of changing your email password every 45 days or so. According to the FBI, stolen passwords often aren't used right away. Changing your passwords every 45 days or so on your important accounts could put a hacker back on the outside before he does anything nasty.

Other Tools

Consider signing up for Google's free "Account Activity Report", which is available once a month.

You can also read Google's own "Gmail Security Checklist" for more ideas.

Location of Settings in Gmail

There are TWO locations. Click your name for access to your general Google account. Click the GEAR icon for the specific gmail settings.

Forwarding and POP/IMAP tab in Settings

Check Forwarding Option

Account Activity Details

Click the "Details" link to get to the Recent Activity page. Scroll back through previous days if available.

Check Activity Page

Activity on this account

Be sure to sign out other sessions. There's also (not shown) a list of any other currently active sessions. This would include your iPhone, tablet, etc. so don't assume the worst if you have multiple sessions, but sign them all out here, just to be sure!

Sign Out Sessions

Activity Alert

Click the link to activate the activity alert. Note that it takes a week to disable this, so that hackers can't immediately turn it off on you!

Activity Alert Setting