2008-07-10
Tech

Someone hacked my Gmail!

Not really.

Google released a small update yesterday that adds information about recent activity on your Gmail account to the bottom of the Gmail interface.

Gmail account activity feature The new option in the Gmail interface

It also includes a link to further information, including details of IP addresses and methods that have recently been used to access your account. If anyone has accessed your mail in any way, it will be reported here.

Gmail Activity Information Argh! What is that?!

I checked mine the minute it showed up in my inbox, and was shocked to see a bunch of IP addresses listed, when I hadn’t been anywhere near my computer in the last five hours.

In the screenshot, the blurred addresses marked with asterisks are my home computer’s IP address. But there are two addresses there that are listed as having accessed my account through IMAP and “Mobile” access.

I have to admit here that I freaked out for a second. I couldn’t think where or when anyone or anything could access my account. Two addresses – 67.228.171.34 and 67.228.162.43 had snuck into my account and peeked at my stuff!

Let me just say at this point that neither of the addresses I just listed are doing anything wrong. I freaked out for a second. I’m writing this post to help out anyone else who has unidentified addresses accessing their mail.

But lets not get carried away. Before I truly started freaking, I wracked my brains for any other computers I might have set up to access my account, or for any other service I could think that could be using my mail. At this point, nothing came to mind.

Working backwards from what information I had, I ran a “whois” on the addresses.

http://whois.domaintools.com/67.228.171.34

The address belongs to “SoftLayer Technologies Inc.”, and I have no idea who they are, but further down the page I get the last bit of information I need to unravel the “mystery”. Under the “Additional Information” section is this:

network:Organization;I:Xoopit.com 67.228.171.34

And I rememberi I signed up for Xoopit, a service that searches my mail and finds all the photos and videos therein. Perfectly legitimate (I gave it my password), and totally not malicious. The other service turned out to be Zenbe.com, another free mail service (like Gmail) that has a few other nifty features. I tried it out a few months ago and forgot about it, but it happily kept fetching my mail from my main account all the while.

So, crisis averted. But the experience highlighted a couple of things for me.

  1. Don’t be a douche and don’t freak out so easily
  2. If you sign up for something that has potential privacy ramifications, write it down or keep a record somewhere so you know what services are accessing what.
  3. When you have access to a tool like thisii – use it. It only takes a second, and it can be incredibly useful. It reminded me of two services I’d forgotten about, and in future, could save me from a real problem.
Related articles by Zemanta
Zemanta Pixie
Footnotes
  1. and slap my forehead
  2. and like “whois”

Link Summary

SAVE Bookmark on DeliciousShare on FriendFeed

Tagged with

Licence information The original content in this post, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Australia License.

12 Comments

  1. Cyrus said:

    2008-07-09 at 9:49 pm

    Good stuff, thanks. Btw, you can access Gmail more securely using https://gmail.com instead of http://gmail.com. I would highly recommend doing this, and if you ever use public wifi, make it a habit because otherwise people can copy your cookies and get access to your gmail account (I've done it to myself, its surprisingly easy.)

  2. Josh Nunn said:

    2008-07-09 at 11:21 pm

    Cheers Cyrus, I use the secure version all the time, but a surprising number of people don't. In a perfect world Gmail would always use it. Well actually, in a perfect world, we wouldn't need to secure our mail would we? And you say you hacked your own account? How long ago? Was the exploit fixed?

  3. rune said:

    2008-07-10 at 7:18 am

    thanks, this was to great help

  4. Josh Nunn said:

    2008-07-10 at 11:15 pm

    Thank you for letting me know rune. I'm glad I could help.

  5. Big said:

    2008-07-21 at 12:57 pm

    Thanks, I was freaked out with the same problem.

  6. joshnunn said:

    2008-07-21 at 3:46 pm

    You’re welcome. I’m glad I could help.

  7. Predrag Stojadinovi? said:

    2008-08-11 at 12:51 am

    Hehe, I wish I saw this a few days ago before I went through the exact same thing :D Luckily I only had Zenbe IP in there so I found it pretty quick :)

  8. joshnunn said:

    2008-08-11 at 1:34 am

    Thanks for letting me know it was helpful.

  9. Nate said:

    2008-08-31 at 4:45 pm

    Someone Jacked my Gmail and Changed the Sig BLock only to spam my entire contact list

  10. joshnunn said:

    2008-08-31 at 5:02 pm

    How is that possible? What would changing the sig block do? Sounds nasty.

  11. Peter said:

    2008-10-08 at 1:10 am

    thanks! i had the same problem:)

  12. fabbaz said:

    2008-11-18 at 2:10 pm

    same happened to me just some time ago.
    seomoz ip lookup showed the ip to be somewhere in the atlantic ocean, but the adress is registered by softlayer.com in texas.
    i kicked all connections and changed the password. hope that helps…

Please Comment





You can follow any responses to this entry through the feed.

« Jungledisk – easy cheap reliable backup on any platform
This cartoon wrote a sweary word on your toilet wall. « the rut. »