Gmail account compomised but not sure how
December 29, 2011 11:39 AM Subscribe
My Gmail account was compromised a few days ago and the password was changed. I've since recovered it, but I'm wondering what could have caused it.
The password is very strong. It's an email address that I have not myself logged into in 6+ months, and never on this new computer (a Mac). I have not sent an email from it in 4 years. The few messages it gets get sent to my other primary Gmail email address using Gmail's POP3. This email address has the same password. it was not compromised. No other account uses the same password.
Looking at the recent activity, the account was accessed once from a Poland IP, a spam email was unsuccessfully sent to my small list of contacts, and then never accessed again. I've Googled the phrase in the email and its been posted to mailing groups, so it looks like the work of a bot.
Obviously I am changing all of my passwords, but I'm wondering what could have happened here, and what I could have done wrong to cause this to happen. Why/how would a fairly inactive email address that's only ever accessed through Gmail's POP3 be the target of this?
Any insight would be appreciated. I'd rather put the blame on myself than on Google.