Thursday, November 22, 2007

A Hacked Google Account

E. told me he had problems accessing his Gmail account. According to E., it all started when he received an email asking him to reset his password. E. says that email was legit, even though he didn’t click on the link in it, but rather asked Google via their phishing & abuse support address what happened. The next morning, it was Wednesday, October 24th this year, he wasn’t able to log-in to his account, as the user name and password didn’t match anymore.

Afterwards, E. used Google’s security center form, which is titled “I believe someone has broken in to my account.” E. didn’t receive a human response at first and was now wishing he had set up a better, more fail-safe system for these occasions. “Being locked out of a primary e-mail address, with important e-mail there, shouldn’t have to happen,” E. tells me, adding “Not only am I locked out of my Gmail, but my calendar, my bookmarks, Picasa, my blog, and with Google Checkout.”

E. continued to try contacting other support mails. In an email sent to support@blogger.com, he wrote:

Hi, I can’t access my account. (...)

I can’t access my 3 blogs: (...)

I have repeatedly tried to contact Google, I even sent a fax, but I haven’t received a response.
I don’t know if someone hacked my account, or what.
This has me scared, and the silence from Google isn’t helping.
If you can help me with this, I’d greatly appreciate it.

Mails sent to Blogger support or AdSense support received only automated replies, though. The Google Checkout team did respond to him, however, telling him he shouldn’t worry about credit card fraud as “Only the last four digits of your credit card number are visible to anyone.” According to E., Google then did get back to him on October 29th, with an email letting him know that his account had been enabled again:

We have completed our investigation and we are re-enabling your access to this account. The account settings have been restored to the first name, last name, and secondary email address that you provided.

We sincerely apologize for what you have experienced in this regard and appreciate your cooperation and understanding.

The email then continued to give tips on how to choose a good password and security question. Google didn’t tell him what happened though, E. says. But he did notice after being able to log-in successfully again that his nick name in his “My Account” settings page was set to “Tom” and the zip code “10001," values which E. says he never provided. After he sent an email telling Google he’s now concerned enough to think he is “a victim of identity theft,” pleading for their help, the Google team replied with the following on November 5th, according to E.:

In accordance with state and federal law, it is Google’s policy to only provide information pursuant to a valid third party subpoena or other appropriate legal process.

If you have additional questions about obtaining such information, please feel free to contact us at legal-support@google.com.

Today, E. has started using Fastmail as his webmail service, he says, being disappointed with Google’s support turnaround time (knowing that Gmail is a free service, he now thinks he might get better support at paid services). E. says he also realizes it was his own fault for putting all of his eggs in one basket, relying solely on Google. “What then happens if the handle breaks on that basket?”

A Hacked Google Account by Philipp Lenssen | Comments (41)

>> More posts

Advertisement