How to hack a Gmail account (and protect it)
Is it easy to hack a Gmail account? It could be. Despite Google’s claims about the 100% security of Gmail, every now and then stories of hacked Gmail accounts make a buzz around the blogosphere. One of my Gmail accounts was recently hacked. It was an old account created just to support one project and not used very often. I was very disappointed when it happened. I tried to figure out how the hacker got access to my account. For this investigation I assumed that Google doesn’t have any technical vulnerability in its scripts or programming. I was just shocked to learn how many ways there are to legitimately take control over your account, and Google even helps the hacker do it. So what are the Gmail hacker’s options, and how do you protect your Gmail account from being hacked?
Your secondary email account has been hijacked
Just assume that before switching to Gmail you used an email account from another provider and entered it as the secondary email in your current Gmail account. Then after some time this old email account was taken over because it was abandoned and no longer used by you. Or it was less secure and got compromised by a hacker. Now the hacker just needs to fill in your secondary email to get control over your main, current Gmail account. It’s that simple.
To avoid this kind of Gmail hack, check the secondary email setting of your account and change it to an address you currently use, or remove it.
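The secondary-email risk is transitive: an account is only as safe as every address in its recovery chain. The audit below is an added example, not part of the original post; the inventory, the addresses and the one-year staleness threshold are constructed assumptions.

```python
from datetime import date

# Constructed inventory of your own accounts; every address here is made up.
# "recovery" is the secondary email set on the account, "last_login" is when
# you last signed in to it yourself.
ACCOUNTS = {
    "me@gmail.example": {"recovery": "old@isp.example", "last_login": date(2024, 5, 1)},
    "old@isp.example": {"recovery": "school@edu.example", "last_login": date(2019, 2, 3)},
    "school@edu.example": {"recovery": None, "last_login": date(2015, 6, 9)},
    "work@corp.example": {"recovery": "me@gmail.example", "last_login": date(2024, 5, 2)},
    "shop@store.example": {"recovery": "gone@defunct.example", "last_login": date(2024, 4, 9)},
}


def recovery_chain(start, accounts):
    """Addresses that can reset `start`, directly or through further resets."""
    chain, seen = [], {start}
    current = accounts[start]["recovery"]
    while current is not None and current not in seen:  # `seen` stops loops
        chain.append(current)
        seen.add(current)
        if current not in accounts:  # outside the inventory: chain ends here
            break
        current = accounts[current]["recovery"]
    return chain


def weakness(addr, accounts, today, stale_days):
    """Why `addr` is a risky recovery address, or None if it looks maintained."""
    info = accounts.get(addr)
    if info is None:
        return "not in inventory"
    idle = (today - info["last_login"]).days
    return f"unused for {idle} days" if idle > stale_days else None


def audit(accounts, today, stale_days=365):
    """Map each account to the weak links found anywhere in its recovery chain."""
    findings = {}
    for addr in accounts:
        weak = {}
        for link in recovery_chain(addr, accounts):
            reason = weakness(link, accounts, today, stale_days)
            if reason:
                weak[link] = reason
        if weak:
            findings[addr] = weak
    return findings


if __name__ == "__main__":
    for addr, weak in audit(ACCOUNTS, date(2024, 6, 1)).items():
        print(addr, "->", weak)
```

In this sample, work@corp.example is flagged even though its own secondary email is actively used, because that address in turn falls back to two abandoned ones.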
Hacker got enough info about your Google account
If you choose the ‘My account has been compromised’ checkbox on the Google recovery page, Google gives you a lot of options to confirm that you are the true owner of this account. The problem is that it gives just as many options to someone who’d like to hack your Gmail. So what kind of information could be used to get access to your account?
- Names of four labels in your Gmail
- Email addresses of top 5 frequently emailed contacts
- Invitation to old email account
- Verification code
- URL of your Blogger or Orkut profile
- Dates when you created account and started to use some of Google services
- Most recent password you remember
- Last successful login date
How to protect your Gmail account? That’s the tricky part: Google says that this system is completely automatic, and how much information it needs and how many answers should match is also a mystery. For me it didn’t work. I couldn’t get access to my REALLY compromised account. Highly likely it worked for the person who hacked my Gmail.
Hackers learned the answer to your secret question
It’s not that difficult to get such information as your first teacher’s name or your library card number using social engineering. The hacker then goes to the Google password recovery page, answers your question and takes control of your account.
How to protect yourself? Either choose a custom question not suggested by Google, or give a completely irrelevant answer to the question; for example, as the teacher’s name you can fill in the name of your favorite hockey team.
Some weird things about how Google accounts operate
I was always suspicious about why the sign-in and sign-out process for Gmail accounts goes through national domains. It’s just crazy: if I have logged in to my Gmail in Australia, Canada and the UK, in the address bar I see how it redirects through all these domains (google.ca, google.au, google.co.uk) on every sign-in and sign-out. Is there any sense in it? What if a small national domain were taken over by a hacker?
If I close the tab with my Gmail and forget to sign out, just assume someone puts Gmail.com in the address bar right after me and voila, he gets access to my Gmail account. Why the hell doesn’t Google automatically sign you out when you close a tab, like many financial institutions do? The crazier thing about it: you just need to get access to one Google service such as Reader or Calendar to get control over the whole account.