I have been hacked !!! Please help !!

[zems]

I've just been contacted by the person who hacked my gmail. He was asking money to give me back. He changed passwords on some of my accounts and I could only retreive account at godaddy by phone. There is still more than 100 names that he can control now.
Can anybody tell me any phone number of google , I have google ads account also and money on it but I just can't find any phone for contact.

Please help me

 

[weblord]

contact at once the staff of parked.com here
http://www.namepros.com/member.php?username=donny

and report the abuse, prepare the screenshots as well to [email protected]

Someone just reset my account at parked fro this IP:

75.127.117.18

It is 100% the same person. As I can see it is not proxy, so if anyone can try to find more information it would be great.

Thank you

 

[Earthian]

yandig - since the story gingeman was describing was probably a little old it might have been in connection to the Google filter exploit





some scammers (were abusing that exploit) by making a site that when it was visited it opened Gmail in a small/tiny iframe ... if the victim was logged-in in Google , they had some script that quickly created a filter that forwarded the emails of the victim to the scammer's address





then the scammer went to a registrar and requested a password retrieve ... after receiving the duplicate email , he went to the registrar and either pushed the domains to his account or changed the password of the victim's account and therefore hijacking the whole account without changes in the WHOIS ... then he quickly tried to sell the domains usually at very low prices so as to sell them quickly





Google announced that they fixed that exploit (don't know more details regarding the fix though)

lastly , if someone has had a filter set up in his account before Google fixed the exploit , a user should go and delete the filter on his own (the fix would not delete the scamming filter)

​

 

[yandig]

Earthian - thanks for the info...+REP

 

[mf1983]

Hello,
I have the same problem.

The same person from [email protected].

He used Gmail account to transfer the domain
from ENOM to Godaddy.


Right now he blackmailed me,looking for 2500$.

The same attacker also hijacked http://makeuseof.com

More info on http://makeuseof-temporary.blogspot.com


Did anyone have more information about the attacker.

We need to stop him.

Please send me via PM.

Thank you.

 

[dlatua]

i dont understand how can someone hack gmail account? u shold be carrefull where do u post ur gmail account and also log in only at gmail.com

 

[mf1983]

There was a filter in my Gmail account.
After he transfered the domain he contact me via Gtalk ....If i wanna buy back domain
I said No....and after that he said that he changed my password of the mail and that I
use other account to contact him.

 

[dlatua]

but there are some questions which u answer when u create ur email

click on forgot pass and complete what is needed

or block the email buy trying too many pass (this will not resolve ur prob but ur domians will be safe :D )

 

[mf1983]

The attacker has changed the settings in my Gmail account.

He chahged also the second Email account for recovery.

I have contacte the G support and Iam waiting for answer.

He created the support ticketreseller of ENOM)

Hello,
I changed the contact info so I thought the EPP code changed,
So please reply me with new code or send it to [email protected]


Best Regards


Here's the IP address:

64.72.122.156

 

[mf1983]

Information

Is here anyone who has high contacts on Enom? (PM)

 

[goodkarmaco]

You guys are doing a good thing exposing this. Good luck.

 

[kev]

As you requested, here is the password for your account at parked.com:

xxxxxxxxxxxxxxxxxxxxxx

Date Requested: 2008-11-23 22:12:00 PST
Requester's IP: 66.186.34.250
Requester's User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

We thank you for your business.

Best regards,
Parked.com Customer Support


Someone trying to hack my parked account!

Anybody else?

 

[zems]

If you are using gmail, check all filters and forwarding.

 

[kev]

Another access

Date Requested: 2008-11-23 22:14:57 PST
Requester's IP: 125.164.214.66


Also, the auto generated Parked message said I used the "Forgot Password" feature at the same time those warning emails were sent. They'll be disappointed what they find in my Parked account thats for sure...

I dont want to say what kind of email I have just in case Mr Scammer is monitoring NamePros. Ive checked that there is no forwarding, no filters etc... and Im hoping everything is secure. is there any other potential way they can access my account?

 

[mf1983]

Everyone who use Gmail need to check account and all domains,
support tickets and legal boxes , vps for strange ips.

You need also to check your computer.

If is the guy from address [email protected] he has got
verry interesting history from the 2007.

Phishing sites,Moneybookers acc etc...

He using difreents gmail accounts .....I have found about 8 gmail accounts from 2007.

We have also publish the story.
http://digg.com/security/BREAKING_New_Gmail_Security_Flaw_More_Domains_Get_Stolen

 

[mf1983]

Everyone who use Gmail need to check account and all domains,
support tickets and legal boxes , vps for strange ips.

You need also to check your computer.

If is the guy from address [email protected] he has got
verry interesting history from the 2007.

Phishing sites,Moneybookers acc etc...

He using difreents gmail accounts .....I have found about 8 gmail accounts from 2007.

We have also publish the story.

http://www.makeuseof.com/tag/breaking-gmail-security-flaw-more-domains-get-stollen/

 

[kev]

I havent had anything stolen yet (not that I know of anyway...)

Ive just had a password request from 2 different IP addresses for my parked password?

im a bit worried with all these stories!

if anyone has any updates, post 'em here so we can get to the bottom of this!

thanks

 

[zems]

There is also option that he using keyloger. After that happen to me I didn't want to search in my computer is there any keyloger, I just formated everything and put new sistem so I can sleep without thinking about that.

 

[Earthian]

sidenote about keyloggers :

one smart trick against keyloggers when you want to log-in while using an uncertain computer (eg. in an internet cafe) is ...





to type your password with many random letters/numbers in between ... then use the mouse to delete the fake letters/numbers (mouse movements are undetected by keyloggers) ... leaving only the correct password elements before you click OK

​

 

[seven]

I copy and paste my passwords into fields. Does this protect against keyloggers?

 

[Earthian]

after searching somewhat more on keyloggers it seems that newer (key)loggers might possibly detect mouse operations (not sure about exact mouse positions/clicks , but depending on the program it could also be possible)

however , simple (read: older) keyloggers that log only keystrokes would logically be "tricked" with the random-letters trick described in my previous post

more in the wikipedia article on Keystroke Logging










seven - copy&paste does protect against the simple keyloggers that just log keystrokes

2 things ...

a. a website can retrieve what you have in your clipboard

go to http://hexillion.com/co and click on Browser Mirror to check what your browser reveals

(when I went some years back with IE5 or IE6 the clipboard field was populated with the data I had in my clipboard , today that I went with IE7 I got an IE pop-up whether I wanted the site to access my clipboard , to which I pressed Don't Allow)

b. check the wikipedia article at the top of this post ... both the random-letters and the copy/paste tricks are mentioned in the Non-technological methods of Keylogger prevention (Non-technological methods is the last paragraph of the article right above References)

​

 

[DanB]

i dont understand how can someone hack gmail account? u shold be carrefull where do u post ur gmail account and also log in only at gmail.com

More on this here: http://www.theregister.co.uk/2008/11/24/gmail_exploit/

Check the links in the article for further details.