My accounts have been hacked
August 28, 2010 8:24 AM   Subscribe

My Gmail and Facebook accounts have been hacked. I am aware of this thread. So, what I need to find is software that locates malware on macs, or any other suggestions on how to fix this mess. Please help!
posted by helios410 to Computers & Internet (11 answers total) 1 user marked this as a favorite
 
Odds are, you fell victim to a phishing attack, or somebody figured out your password through other means. AFAIK, there aren't any widespread Mac-based malware strains.
posted by schmod at 8:45 AM on August 28, 2010


Response by poster: Thanks Schmod.

Questions:

- Are there key stroke loggers that can track Mac key strokes?

- What are the odds gmail will actually give my account back to me? Has anyone had any success with this?
posted by helios410 at 9:01 AM on August 28, 2010


Have you followed the Google password reset procedures? Did you have an alternate email address and/or your cell phone in your Google account in order to attempt to reclaim the account? Have you tried any of this yet?

it is highly unlikely that your accounts were compromised because of a keystroke logger if these are the only accounts compromised. Did they share the same email login and password? Likely the hacker was able to get one because they got the other.
posted by micawber at 9:12 AM on August 28, 2010


Gmail account recovery link

Stop wasting time on here and start doing this
posted by micawber at 9:13 AM on August 28, 2010


Response by poster: It was pretty astounding to go through this. I was going through the password reset procedures as he/she was doing the same. So I received the reset code text on my cell phone, but by that time it was to late: he/she already reset account. My code would not go through. Needless to say, this individual also reset my secondary email.

Already filled out the account recovery form. I hope it works!
posted by helios410 at 9:21 AM on August 28, 2010


Response by poster: What is disturbing is my pword for my gmail is NOT the same for Facebook. My wireless is encrypted. I always sign out off Facebook and Gmail when I leave work...

I cannot figure out how this happened.
posted by helios410 at 9:23 AM on August 28, 2010


This might also be useful:

How to migrate your Google account to a new one
posted by briank at 9:40 AM on August 28, 2010


OS X Rootkit Hunter.
posted by scalefree at 9:56 AM on August 28, 2010 [2 favorites]


I just recently went through this. Can't speak to how your password got stolen, but there is a process for regaining access to your account.

If you are using your home computer at your usual IP address, go to sign into google. See below the login blanks? There's a link that says "Can't Access Your Account?" Click that. Do what it says. Be prepared to answer a lot of very detailed questions about how you use your gmail account.

With facebook, I emailed their security team from a throwaway address and explained the situation. They led me through what amounted to a pop quiz about my friends and social life - kind of hilarious in retrospect. When it became clear that I actually know who my friends are, they returned access to my account.

Quick question - have friends, family, and contacts been getting emails from you asking for money to bail you out of an international travel emergency? That's what happened to me. You will probably face several days/weeks of assuring everyone that you're OK and not trapped in a hotel room in Scotland.

Also, I'll say that despite all my fears of the hackers using my gmail account to access my funds (EVERYTHING was in there somewhere, if you knew where to look and what the information meant) or otherwise mess seriously with my life, none of that happened. It seemed they only wanted access to my contacts for 419 scam purposes.

Oh, and later I checked and it turned out they were logging in from Nigeria! Classic!
posted by Sara C. at 9:56 AM on August 28, 2010


A couple of other pointers -
Do not use computers that you are not sure are safe for logging in to things - So for example I do not use any computers than those I maintain for logging in to anything personal...that means no work issued machines, machines of friends, etc. If you have a smart phone that is what you use when your main machine is not available. If you don't have a smart phone I would use portable apps to log in to stuff, which is slightly more secure than using something you aren't sure is safe.

Use a password manager - If you use a Mac, use 1Password - every site gets a different password, for throwaway stuff they get random usernames as well. You only have to remember one complex password at a time with this and it will defeat some percentage of keystroke loggers.

Change all your account passwords - anything linked to the compromised gmail account needs to be changed at this point. You also should check the contact information on all of these accounts as well. 1Password is good for this, but you can also go old school and just write the passwords down on a piece of paper and keep that hidden as an alternative.

While everyone under the sun says it is a waste of time, money and resources I do run two things on nearly every mac I maintain - The first is Intego AV suite, the second is LittleSnitch which will tell you what is making outbound connections from your machine and make you specifically authorize outbound connections.

Always make sure your machines are patched and up to date, this also means making sure the latest version of Flash is installed and up to date.

If I had to guess the gmail account was compromised first, then they figured out what the facebook login was, went through the password recovery for it because the gmail account was linked to it and then worked their way back that way.
posted by iamabot at 11:25 AM on August 28, 2010


Response by poster: Thanks for the help and suggestions everyone. I was able to get my accounts back.
posted by helios410 at 11:44 AM on August 28, 2010


« Older UK male needs a new work wardrobe   |   Do I need a new couch? If so, advice for buying? Newer »
This thread is closed to new comments.