My Gmail was hacked!

Just thought you might want to know. Sometime during the day, someone took over my gmail account. It had a password made of 8 random letters and numbers. Admittedly this is a bit few, but normally brute hacking won’t work against someone like gmail since they won’t allow a re-attempt speed that can only be achieved by a robot.

I installed a Google News applet for my android phone today. I wonder if that may have been a malicious program – android does not control their free applets all that strictly, so that is a possibility. I may have given it my google account password indeed, which would be an insane thing for me to do given that it only delivers public news. I will have to reinstall it (once I get control of my android account) to see whether it really does ask for the password. Since it has a pretty Google logo, I may have fed it by habit. Worth checking.

I have filed a request for getting back control of gmail, which is luckily frozen. It has probably only been used to send a few thousand spam mails, in which case all my address book contacts will have gotten one. I am not sure how much difference that makes: Since my gmail name is in hundreds of places anyway, a lot of forged mail with me seemingly as sender is already being belched out on the Net. I know this because I get several of these daily in my own spam box. Hopefully people will realize at a glance, as usual, that no, that’s not him.

If a more creative organization had gotten hold of it, they could probably use it more efficiently. But it is already frozen, which means they probably jumped to the spam pump immediately. So there should be relatively little damage. I’ve changed a few other passwords, including to my old account at chaosnode.net.  The handle is the same, after all, and if you have known me for a long time, you probably have it on file already.

I provided Google with some pretty unique information (the complete url of the invitation mail I got when I first got gmail), so I expect to get it back within 24 hours.

A huge disappointment is that despite some 10 attempts, I never got the text message with a verification code, which could have unlocked the account automatically without fuss. Why?  Perhaps my text messaging in Android does not work when my google account is locked? That would be pretty idiotic, but you never know.

Well, that was fast! Control of Gmail is back in my grubby hands, with a new password that makes more sense to me and still no sense even to my best friends. I have also set different passwords on Facebook and Chaosnode.

The spam sent from my account was pitiful, with only random letters in the subject header. I can only assume that they are paid per mail, and their contract with the Mafia never said anything about the mail actually being read by anyone.

Special thanks to Fujitsu-Siemens, who made a PC so durable (despite numerous problems) that I could recover my correspondence from many years ago by simply firing up Opera and scrolling through the mail. Whew.

Also four thumbs up to Google for handling this quickly and professionally. It seems most of the mails were rejected before even getting to my contacts, as gmail detected a sudden change in behavior when the robot took over. Now the only thing that did not work as expected was the text message with the recovery code. It has still not arrived, so I think we can tentatively say that it does not work … either generally, or in Norway, or with Telenor Mobil, or with Android phones, or some combination.

It is quite disturbing how much e-mail really matters these days. I get my bills to that address, even.  I’d like to check out that applet and see if it really does ask for my Google password. But not today, just in case it has found some other way to steal it.  I have deleted it for now.  Your curiosity may vary.
