My Gmail account got hacked. Google won't help. I need your advice.

9 points by codingfounder 13 years ago · 11 comments · 2 min read


Hi, someone is sending spam from my gmail address to my contacts.

I found out yesterday when a friend texted me saying he was getting spam from my address.

I logged into my account and found some failed delivery messages of emails I'd never sent myself.

There is no trace of sent emails left in the Sent Mail folder.

I also can't see any suspicious login activity in my gmail login history at the time the spam was sent or any other time.

The thing that's worrying is that they got hold of my contacts. It was an account I was not using directly any more, so I have closed that account now.

I have 2-factor auth enabled on my other accounts and have even changed all the passwords again.

I have reported twice to Google, but haven't heard back anything yet.

Edited to add:

I have looked at the original email message and the header does suggest it came from google. I reported the Message ID to google along with the full email message.

I also suspected it may be some app or service that I gave access to my contacts to, but I didn't see any in my app access list.

That's why I'm turning to you guys to ask if any of you've been in a similar situation, how do I secure my accounts, and trace down the cause of this particular incident?

Thanks

lazloth 13 years ago

See @ http://nakedsecurity.sophos.com/2011/06/02/how-to-stop-your-...

Bullet list includes

Account Security:
- Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
- Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and recovery e-mail address]

Potential Spam:
- Settings -> General -> Signature [make sure nothing has been added]
- Settings -> General -> Vacation Responder [make sure it's disabled and empty]

E-mail Theft:
- Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
- Settings -> Filters [no filters that forward or delete e-mail]
- Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
- Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
- Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]

Additional Information:
- Keeping account secure: https://mail.google.com/support/bin/answer.py?hl=en&answ...
- Protecting your account: https://mail.google.com/support/bin/answer.py?hl=en&answ...
- More account security info: http://www.google.com/help/security/
- If your account is compromised: http://mail.google.com/support/bin/answer.py?hl=en&answe...
- Someone using your address: http://mail.google.com/support/bin/answer.py?hl=en&answe...
- Google Employee comments: http://www.google.com/support/forum/p/gmail/thread?tid=560d5...

  • codingfounderOP 13 years ago

    Thanks lazloth. I've already read all of those threads and taken those measures to protect my account in the future, almost all of which I was already doing before my account got hacked.

    I only turned to HN because none of this helped me track down the cause of the breach in the first place. But I appreciate your help.

thebeefytaco 13 years ago

Click the Details link next to the Last account activity line at the bottom of any Gmail page.

That will give you a list of IPs signing into your account.

I get a lot of those failed delivery messages though because I have my own domain via google apps. Someone scraped my mail domain and fakes it in the headers, but I get the actual replies because I have it set so all addresses on the domain go to me.

  • codingfounderOP 13 years ago

    As I noted in my post, I have already looked at the login activity list, and there's nothing other than my own IPs and sessions.

    I have a similar domain via google apps setting that you have. I just don't understand how they got hold of my contacts, and don't know what I can do to prevent them from spamming my contacts again.

    • axelfreeman 13 years ago

      Please check your PC. Are your OS, browser and browser plugins up to date? Is there a browser add-on you haven't installed? Make a full virus scan.

bdfh42 13 years ago

How do you know "they" are using your account rather than just using your email address as a "from"? That used to be the most common way of trying to get SPAM past people's simpler filters.

Might be worth checking what would happen if such an email was rejected from one of those email servers that bothers to send a response back - could explain it all.

  • fiendsan 13 years ago

    Yeah most likely someone got a hold of your address book and is just spamming your friends, unfortunately don't need to hack your gmail to do that (there are tons of ways of getting your address book).

    I would say to check the header of your spam e-mail on your friend's mailbox and see where the e-mail came from, if it was from google you might have some issue (maybe you gave some app or service access to your gmail, or have pop/imap enabled), if it's not from gmail then don't stress about it, sooner or later the spam filters will pick up that it's not from you ^_^ .oO( yeah don't hold your breath on google helping you on this, they really don't have any support! )

    • codingfounderOP 13 years ago

      The header does suggest it came from google.

      I also suspected it may be some app or service that I gave access to my contacts to, but I didn't see any in my app access list.

      How does one get hold of the address book without hacking into the account or via a third party app that has access?

      • bdfh42 13 years ago

        You will probably be amazed at the number of web sites and phone apps that have had access to your contact list - just to get something done. Easy to forget when and when.

        Could even be that it was someone you know who has your email address who gave their contact list to this spammer (directly or indirectly). The bad guys could then have simply picked one email address as the from and got to it spamming the rest.

      • fjarlq 13 years ago

        Post the headers (after scratching out the email usernames)... there may be clues lurking.

        • codingfounderOP 13 years ago

          I'm trying not to leak any more personal info, so I'm not sure which parts of the message I can post publicly.
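
The header check suggested in the comments above, as an added example that is not from any poster in the thread: it reads only the Received hop and Authentication-Results written by the recipient's own server and reports whether the message was authenticated for the From domain or merely carries a forged From address. The host names, IPs, `TRUSTED_MX`, `sample` and `analyse` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_MX = "mx.friend.example"  # assumed: the recipient's own receiving server

# Constructed samples (reserved example domains, documentation IPs).
# provider.example stands in for the mail provider of the From address.
def sample(relay, ip, auth):
    return (
        f"Authentication-Results: {TRUSTED_MX};\n\t{auth}\n"
        f"Received: from {relay} ({relay} [{ip}])\n"
        f"\tby {TRUSTED_MX} with ESMTP id x1; Sun, 01 Jan 2012 10:00:01 +0000\n"
        "Received: from provider.example (unknown [192.0.2.1])\n"
        f"\tby {relay} with SMTP id x0; Sun, 01 Jan 2012 10:00:00 +0000\n"
        "From: Victim <victim@provider.example>\n"
        "To: friend@friend.example\nSubject: hello\n\nbody\n")

SPOOFED = sample("bulk.relay.example", "203.0.113.45",
                 "spf=softfail smtp.mailfrom=victim@provider.example;\n\tdkim=none")
GENUINE = sample("out1.provider.example", "198.51.100.25",
                 "spf=pass smtp.mailfrom=victim@provider.example;\n"
                 "\tdkim=pass header.i=@provider.example")

def analyse(raw, trusted_mx=TRUSTED_MX):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    # Only the hop recorded by the recipient's own server is trustworthy;
    # Received lines below it were supplied by the sender and can be forged.
    handoff = None
    for rcvd in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+).*?\[([0-9A-Fa-f:.]+)\].*?\bby\s+(\S+)", rcvd, re.S)
        if m and m.group(3).lower() == trusted_mx:
            handoff = (m.group(1).lower(), m.group(2))
            break
    # Accept SPF/DKIM results only from the trusted server's own header, and
    # only when the authenticated identity is in the From domain.
    aligned = []
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, results = ar.partition(";")
        if authserv.strip().lower() != trusted_mx:
            continue
        for method, result, ident in re.findall(
                r"\b(spf|dkim)=(\w+)[^;]*?(?:smtp\.mailfrom|header\.[di])=([^\s;]+)",
                results):
            if result == "pass" and ident.rsplit("@", 1)[-1].lower() == from_domain:
                aligned.append(method)
    verdict = "sent-through-provider" if aligned else "forged-from-address"
    return {"handoff": handoff, "aligned": aligned, "verdict": verdict}
```

A `sent-through-provider` result means the provider's own servers relayed the message, which points at the account or a client authorised on it (app access, POP/IMAP); `forged-from-address` means only the address was borrowed.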
