2 E-mail accounts hacked, virus or coincidence?

I have had two email accounts hacked in the last 2 weeks: one is a Yahoo account and one is a Gmail account. The Gmail was first, so I just changed the password (used a 12+ character, super-strong password) and my security questions (used very obscure answers unrelated to actual question).

Just yesterday my Yahoo account was hacked! Did the same as above, but I am kinda freaked out now. A second Gmail account hacked I could accept as a coincidence; Gmail has been getting hacked a lot lately. But both a Yahoo and a Gmail account hacked in the same 2 weeks is too much coincidence for me.

I have to believe there is a backdoor or keylogger infection on my PC. Over the last 2 weeks I have scanned 3 times with Avast (nothing found) and 3 times with Malwarebytes (again nothing). Finally scanned with Superantispyware portable (don't want 20 anti-malware programs installed) and found 28 "Adware tracking cookies", which I deleted. But my understanding is that cookies CANNOT steal data or passwords, so I suspect I am still infected with something.

Am going to try McAfee Rootkit Detective today, but I am not too hopeful. I have a laptop running Win 7 Ultimate 64 bit, using Avast and Malwarebytes. I connect wirelessly through a T-Mobile Linksys router using a MAC address list for security. I use Firefox with NoScript and adblocker; never allow NoScript to unblock any site that isn't pretty safe, like CNN, Treehugger, Yahoo, etc. I leave smaller sites blocked; if I can't read them with NoScript in place I just move on.

Any advice on this? Is it possibly a coincidence and I am being paranoid? Any opinions on what tools I should try next?

Comments
Gmail and Last account activity

Hi,

Try logging in to your Gmail account and then click the link to "Last account activity" at the bottom of the page.
A new window will open that will display the IP addresses that have logged in to your Gmail account. Your IP address and location (country) should appear, along with how you accessed the Gmail account, e.g. POP (using an email client), IMAP (using any device or email client), or web-based (using the browser).

If you notice a suspicious IP address, immediately click the available button to "logout all sessions" so that anyone else who is logged in, if any, is disconnected. Change your password again and the security question.

Not sure if there's such an option in Yahoo, but I suggest changing the Yahoo password again and then the security question.

Try to clean the temporary files in Windows using CCleaner - http://www.piriform.com/ccleaner/builds (get the no toolbar, slim installer)

Try to scan using MalAware, which requires NO installation:
http://www.emsisoft.com/en/software/ax/

Or using online scanner by ESET:
http://www.eset.com/online-scanner

Thanks! Gmail activity feature very cool

Thanks Donna! The "Last account activity" feature on Gmail is very nice. I checked it; no activity from anyone but me since I changed my password and other security settings. Nice to know I can monitor activity on these accounts!

Yahoo does not have such a feature. They do offer increased security for "Mail Plus" accounts, but at $20/year for security and features that lag behind Gmail, I will pass on that. Just have to hope I changed everything while nobody else was in there; it's not a critical account so I can dump it if I need to.

Sophos found a number of suspected rootkits, but all items were in IE's temp Internet cache. Sophos tagged them as "not recommended for removal", so I ran CCleaner and re-scanned with Sophos and they were gone.

Will try the other links above. First hack I have had since 1998, when my hosting provider got hacked and my web page was replaced with a skull and crossbones by pranksters. I guess it's happening more and more. Sarah Palin and other high-profile accounts I can understand. But why hacking random individuals' accounts is even done I can't imagine: if someone stole my identity they wouldn't get much.

I had just updated my resume the day prior to the attacks, and the same email address I use for that was the one attacked. Cannot help but wonder if there is not a connection. Either way, I have beefed up my passwords and other security measures, and I use different passwords for all my log-ins now.

Thanks Again!

You're welcome. Few things to note only...

It's good to know that there's no suspicious IP address in your Gmail's last acct. activity.

I agree with your decision to pass on Yahoo! Mail Plus since there is no guarantee that paying means "secure" from hackers.

Glad that the suspected rootkits were in a temporary location only and that CCleaner cleaned them easily. Just note that it's best to run another scan to ensure that there's no rootkit or other hidden malware that is invisible to traditional scanners. ESET Online Scanner can detect rootkits as well, so give it a try also.

A note also about hacking of individuals' online stuff. Sometimes it is actually not about "who" owns a site or account as a target. Often, it is the vulnerability in the server or computer or software that makes it hackable.
Example: Your site is hosted, but the software you use is vulnerable or the host's server is vulnerable. If the security fixes are not applied or an old version is in use, it is easy for hackers to do what they want to do.

This also applies to any web-based online service like email or social networking. If there's an open hole for hackers or malware creators to take advantage of, then it's easy.

Glad you have your accounts "up-to-date" now, using new passwords, and that other security features are in use.
