Recently, a large number of people complained about their Gmail accounts being hacked. It also looks like Google's team is busy in the support threads, claiming that it was the users' fault for not being secure with their passwords.
You may think that your personal email is not important, but watch what a hacker can do once he or she has access to it. Your email is your weakest link. Even a basic, low-talent hacker will take your email and find your bank accounts, social media accounts, and other accounts you have associated with that email. Then, the hacker can put email rules in place so you never realize he is resetting your passwords on those services and gaining access to your most private and sensitive information.
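One way to check a mailbox for the kind of hidden email rules described above, as an added example that is not part of the original post: the field names follow the Gmail API filter resource, while the keyword list, the function names and the sample filters are constructed for illustration.

```python
import re

# Assumed keyword list: terms that commonly appear in password-reset and alert mail.
SENSITIVE = re.compile(r"password|reset|verif|security|sign[- ]?in|bank|alert", re.I)
HIDE_REMOVE = {"INBOX", "UNREAD"}   # removing these labels keeps mail out of sight
HIDE_ADD = {"TRASH", "SPAM"}        # adding these labels discards mail

def audit_filter(f, own_addresses=()):
    """Return the reasons a single filter looks like it hides or leaks mail."""
    criteria, action = f.get("criteria", {}), f.get("action", {})
    reasons = []
    fwd = action.get("forward")
    if fwd and fwd.lower() not in {a.lower() for a in own_addresses}:
        reasons.append("forwards to unrecognised address " + fwd)
    hides = (HIDE_REMOVE & set(action.get("removeLabelIds", []))) | \
            (HIDE_ADD & set(action.get("addLabelIds", [])))
    text = " ".join(str(criteria.get(k, "")) for k in ("from", "subject", "query"))
    if hides and SENSITIVE.search(text):
        reasons.append("hides security or account-recovery mail")
    return reasons

def audit_filters(filters, own_addresses=()):
    """Map filter id -> reasons, for every filter that deserves a manual look."""
    flagged = {}
    for f in filters:
        reasons = audit_filter(f, own_addresses)
        if reasons:
            flagged[f["id"]] = reasons
    return flagged

# Constructed sample filters (not taken from any real account).
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@example.com"},
     "action": {"addLabelIds": ["Label_1"], "removeLabelIds": ["INBOX"]}},
    {"id": "f2", "criteria": {"subject": "password reset"},
     "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "f3", "criteria": {"query": "bank OR verification"},
     "action": {"forward": "collector@example.net"}},
    {"id": "f4", "criteria": {"from": "boss@example.com"},
     "action": {"forward": "me.backup@example.org"}},
]

if __name__ == "__main__":
    found = audit_filters(SAMPLE_FILTERS, own_addresses=("me.backup@example.org",))
    for fid, reasons in found.items():
        print(fid, "->", "; ".join(reasons))
```

Any filter it flags should be reviewed by hand and deleted if you did not create it.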
Just a quick search on Google over the past week for "Gmail Hacked" or "Passed a Sign In Challenge" will bring up hundreds of reported instances. I even have an account that was hacked that has a completely unique password.
At the very least, this wasn't a simple low-talent hacker logging into as many accounts as possible. Each account was logged into using a very specific sequence of events from random locations all over the world over the last 48 hours. This hacker most likely used some sort of zombie network to carry out the attack so he could log into a large number of accounts without raising too many alarms.
If this was simply a database of emails and passwords that a hacker possessed, as Google representatives are claiming in Gmail support threads, odds are he would not have logged into so many accounts and changed the passwords from all over the world. Most likely, he would have silently gained access to these accounts and proceeded to exploit them for whatever monetary value he could.
So far, Google's response has been that they are looking into the problem, and they did notice a large amount of spam being sent from Gmail this weekend. However, the only explanation Google has offered so far is that users must be using the same password in multiple places.
With email continuing to be a very critical part of our lives, here are some quick tips to help secure your email better:
1. Don't use the same password on your email as you do on your other accounts.
2. Turn on 2-step verification (two-factor authentication for security folks) on your email. This is probably the best solution.
   - 2-step verification requires a username/password and a randomly generated number that is sent to you via text or an app on your phone.
3. Use site images / sign-in seals.
   - Phishing occurs when a fake site makes you think you are logging into a legitimate site with your email and password. Sign-in images are images set by you so you know you are logging into the legitimate website. This is commonly used with online bank accounts.
4. Create separate emails solely for your bank accounts.
5. Always run the most up-to-date antivirus.
6. Ensure your browsers aren't running any plugins you are not aware of.
7. Try not to log in on computers you know nothing about or you don't own.
8. Always log in to your email via "https://", not "http://".
The best solution above is 2-step verification for both your email accounts and bank accounts (if your accounts support this feature). This ensures that your online bank accounts will remain secure even if your email is compromised.