My unmonitored Gmail account gets compromised

Today seemed like just another day. Little did I know, in a span of about 20 minutes, the resulting set of events would be hugely embarrassing for me. I had barely woken up, when my phone started going bonkers with notifications coming from emails, chats & twitter replies. A glance at the notifications indicated that my email account had been compromised and phishing emails had been sent to every one in my contacts list.

[…]

So, what went wrong? It all boils down to a culmination of the PlayStation Network hacking, some bad habits from my yesteryear and some nice features from Gmail which resulted in the phishing email to look like it came from my current domain account instead of the old Gmail account. Let’s have a look at each vector:

  • PlayStation Network break-in
  • Not monitoring my email account
  • Password Reuse
  • Send mail as and Reply-to set to my domain address

Read a complete account of what happened over at techie-buzz

Super User ♦, Oracle Forms, PLSQL, Mangalorean, Rum, Beer, Chip.in, @preshit certified Lazyass, Bacon, Chicken Wings, iPhone 3GS, Gaming. More @ http://sbhat.me

2 Comments on My unmonitored Gmail account gets compromised

  1. Sathya says:

    Blogged: My unmonitored Gmail account gets compromised: Today seemed like just another day… http://goo.gl/fb/vPtNr

  2. Docless says:

    That sucks man. For the lulz at lulzsec’s expense, I downloaded that list those jerks released and emailed (via a script I wrote) as many of the pending victims as I could.. Though maybe that recent lulzsec list didn’t include PSN stuff… Annnnyway. Thanks for sharing, good reminders to keep in perspective.

    Cheers

Leave a Reply

%d bloggers like this: