Once hacked, victims' accounts send out spam e-mails that make it appear that the sender has been mugged. If you try to respond to one of these, your message will go to a dummy address. The spam messages are tweaked so that the victim won't get your response if you hit reply all.
Sophos's Graham Cluley told the Guardian, "Our suspicion is that this is a Gawker-related incident. We know that people were using the same password for multiple sites and then others were trying to use the passwords against those accounts." You might remember that Twitter was hit hard by an acai berry spam attack following the breach.
Slate's Farhad Manjoo writes, "A password is the only thing separating your e-mail, banking information, and social networks from a bad guy," and unfortunately, a complex password with letters, numbers and symbols just won't cut it anymore. Adding an additional layer of authentication -- like the key fobs required by many companies for security -- cuts down on the potential harm of a stolen password. It might seem like a lot of work, but a thief who has gained access to your Gmail account also has control over your calendars, Google Docs, Gchat, YouTube account and, of course, years of your personal email.
Read on for five essential tips for protecting and backing up your Gmail account.
Head to Google's Accounts page, and click "Using 2-step verification" under the Personal Settings heading. Google rolled out the feature earlier this year, and it works with your smartphone (via Google's authenticator app or SMS) to send an updated verification code every 30 seconds. Yes, you'll need to have your phone with you when you access your email, but it's a much more secure system.
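The 30-second codes described above are time-based one-time passwords (TOTP, RFC 6238), the scheme authenticator apps of this kind implement. The following is an added example, not code from Google or from this article; the function names are chosen for illustration and the key is the published RFC 6238 test key, not a real secret. It shows both the app side (deriving the code) and the server side (accepting it only within a short window).

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays current
DIGITS = 6   # code length shown by authenticator apps


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of last byte picks the 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the 30-second time step."""
    return hotp(key, unix_time // STEP, digits)


def verify(key: bytes, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Server-side check: accept the current step +/- drift_steps for clock skew."""
    step = unix_time // STEP
    return any(
        hmac.compare_digest(hotp(key, step + d), submitted)
        for d in range(-drift_steps, drift_steps + 1)
    )


def key_from_base32(secret: str) -> bytes:
    """Decode the base32 secret an app receives at enrollment (QR code or typed)."""
    s = secret.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


if __name__ == "__main__":
    import time
    key = b"12345678901234567890"  # RFC 6238 test key (constructed input)
    now = int(time.time())
    code = totp(key, now)
    # Valid now, rejected ten steps (five minutes) later.
    print(code, verify(key, code, now), verify(key, code, now + 10 * STEP))
```

Because the code is derived from a secret held only by the phone and the server, a password reused from another breached site is not enough to sign in.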
On your Google (not Gmail) account page, click "Recovering your password," and set up your phone to receive a password-reset code via SMS. In the event your account is hacked, head to Google's recovery page and enter your username to receive an automatic text from Google to start the reset process.
While you're on the "Recover Your Password" page, go ahead and add a secondary email address. If you simply forget your password or your account was hacked, Gmail will be able to send reset instructions to this alternate address -- again, head to the password recovery page. James Fallows writes, "If you wait until after you've had a problem to think of this step, it's too late."
The non-secure networks you'll find at coffee shops and in public places make your computer open and vulnerable, so we recommend looking at Gmail's settings. While it should be set to always use https by default, double-check by clicking the gear icon in the top right of Gmail and then "Mail settings." Make sure "always use https" is selected, and scroll down to the bottom of the page to hit save.
Over 40,000 Gmail users got a scare earlier this year when the email service wiped out their accounts. Fortunately, Google was able to recover the accounts, but the mess clearly showed that Google's not infallible when it comes to data loss and downtime. The healthy shock made many consider secondary backup options, and we recommend checking out Hotmail backup, e-mail forwarding, desktop apps or paid services (or even all three) as ways to achieve email peace of mind.