So Your GMail Got Hacked
As I mentioned in the last two posts, this morning my GMail account was hacked. In the panic that followed I went through a lot of work trying to check to make sure all my other accounts were ok (Credit Cards, Paypal, etc) while at the same time trying to figure out how to get my account back. The surprising thing to me was that it was not obvious to me how to get through the help to the form I needed to fill out, and when I got to the form trying to find the verification information they wanted took some ingenuity on my part.
What would have really helped me was to have some simple directions to follow to find what I needed fast (to get the hacker away from my account as fast as possible). Seeing as how I did not find such directions out there, I figured I would write my own to help someone else if this happens to them. The other part that caught me off guard was what information Google wanted from me in order to verify the account was mine. Much of this info was tough for me to find, because I have been using GMail as my only personal email account since back in the early “invite” days. So I recommend that everyone take a second to write down a few things while they have access to their account, to save themselves a good amount of time later.
1. What every GMail user should have written down
To start with, here is all the information I wish I had had immediately available when trying to verify my account. Keep in mind that Google doesn’t need all of this to verify your account, but the more you can give them the better chance you have of them verifying the account.
- Most recent secondary email. When you set up your GMail account you gave Google a secondary email account; this is the account they use for sending password resets etc. If you are like me then right now you have no idea what email address this is. You can look in your Google Account Settings (not GMail settings) under the “Change Security Question” link to find it, and if it is out of date, update it.
- Email addresses of up to five frequently emailed contacts. This one might be easy for some people, but outside of my wife I don’t send much email from GMail. The best way to find this is just to browse through your “Sent Mail” and write down some email addresses you send to often. I was lucky enough to find a replica of this folder on my iPhone to figure this out after the fact.
- Names of up to four labels. I use labels to organize all my email, and hopefully you do too. If you do, write down four labels you use (and I assume the less common the better). I could probably have done this one from memory, but I did check the replica on the iPhone to find unique ones. Remember that being as exact as possible is important (Where are the spaces? Which letters are capitals? etc.).
- GMail invite information. If you were invited to use GMail then that invite can hold a wealth of information that could be useful. Google will want to know the “Invitation URL”, “The Gmail username of the person who invited you to create an account”, and “The email address to which your invitation was sent”. For me this was long enough ago that the invite is long gone; luckily Google didn’t hold that against me, but if you have this information, find it and save it.
- Account creation date. This means your Google Account (which is probably the same date as your GMail account, unless you set it up earlier). Again, if you have an invite this is easy; it is probably the date you got your invite. If you don’t, then in GMail you can click on “All Mail” and then go to the “Oldest” mail, and as long as you don’t throw things away that should give you a good idea.
- When you started using other Google products (including GMail). All you need is a rough idea, but if you have access to when you started using any products, write it down. I was able to put down a rough estimate for these, so don’t stress about the exact day.
Remember that you don’t need all of this info, but the more you have to give them the better.
2. So your GMail got hacked, now what?
Note: This assumes you are locked out of your account
The simple answer is to go here (The link is current as of this writing, but could change)
If that doesn’t work you will have to traverse the help to find the form, and unfortunately there is only one path that leads to the right place. Here are my directions:
1. On the GMail sign in screen click “I cannot access my account”
2. On the next screen choose the “My account has been compromised or taken over” radio button. That will bring up a link to the “account recovery form”; follow that link. Update (6/24/08): The text of the radio button now reads “My account has been compromised”.
3. This is where you need to be exact (choosing other options leads to other forms or no form at all). Select “No” when it asks about Google Apps, and in the list of products select “None of the Above”, then click “Continue”. This was complicated for me because I did have some of the above; fill out this “None of the Above” form first and then go back and fill out other forms if needed.
This should bring you to a form where you can put in the information listed in the above section. My request had a pretty quick turnaround from Google (about half an hour), but I imagine depending on the information you give them this can be variable. After submission they give a “don’t call us, we’ll call you” sort of statement, so I imagine it could take a while.
3. Lessons Learned
I was caught off guard by all of this, and I imagine pretty much everyone is, but it made me think about some ideas that I am going to use from now on “just in case”.
- Forward email. It is pretty easy to find a place that will forward your email anywhere you want. The beauty of this is that if something goes wrong with your “backend” account you can immediately divert your incoming email to a different account. If the account allows you to save and forward, that is even better, because then you have a copy of your email “just in case”.
- Immediately delete email that has sensitive information in it. You shouldn’t be getting email with sensitive information in it in the first place, but if you do, don’t keep the email around. You don’t want to be stuck worrying about other accounts or personal information if you get hacked.
- Make sure you have multiple passwords for different purposes. Considering how many places just take an email address and a password for login, you want to make sure that if someone gets your email password they can’t get access to many other accounts. My suggestion would be to have at minimum an “Everyday” password and a “Sensitive” password. That way, if someone gets your everyday password your sensitive information is secure.
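As an added example (my own, not part of the original post), here is a small Python script that checks a locally kept list of accounts for exactly the problem the last tip warns about: a password shared between an “everyday” account and a “sensitive” one, and, separately, an email password that is reused anywhere at all, since the mailbox is where every other account’s password resets land. The account names, tiers and passwords in it are constructed sample data, and the report shows only a short hash of each password rather than the password itself.

```python
"""Audit a personal credential inventory for password reuse across tiers.

Added example, not code from the original post. All accounts and
passwords below are constructed sample data, not real credentials.
"""
import hashlib
from collections import defaultdict

# Tiers follow the post's suggestion of an "everyday" password and a
# "sensitive" password: no password used on an everyday account should
# also unlock a sensitive one.
SAMPLE_INVENTORY = [
    # (account, tier, password)  -- constructed sample data
    ("forum.example.org", "everyday", "correct horse battery"),
    ("newsletter.example.net", "everyday", "correct horse battery"),
    ("bank.example.com", "sensitive", "correct horse battery"),   # reused across tiers
    ("paypal.example.com", "sensitive", "staple plinth velvet 9"),
    ("gmail.example.com", "sensitive", "ostrich lantern 42 fjord"),
]


def fingerprint(password):
    """Short SHA-256 prefix so the report never has to print a password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def find_cross_tier_reuse(inventory):
    """Return [(fingerprint, [accounts...]), ...] for every password that
    is used in more than one tier. Accounts are sorted for stable output."""
    by_password = defaultdict(list)
    for account, tier, password in inventory:
        by_password[fingerprint(password)].append((account, tier))
    problems = []
    for fp, uses in by_password.items():
        tiers = {tier for _, tier in uses}
        if len(tiers) > 1:
            problems.append((fp, sorted(acct for acct, _ in uses)))
    return sorted(problems)


def mailbox_password_is_unique(inventory, mailbox_account):
    """The email account is the reset hub for everything else, so its
    password must not be shared with any other account, whatever the tier."""
    mailbox_fp = None
    other_fps = set()
    for account, _tier, password in inventory:
        fp = fingerprint(password)
        if account == mailbox_account:
            mailbox_fp = fp
        else:
            other_fps.add(fp)
    if mailbox_fp is None:
        raise ValueError("mailbox account %r not in inventory" % mailbox_account)
    return mailbox_fp not in other_fps


if __name__ == "__main__":
    for fp, accounts in find_cross_tier_reuse(SAMPLE_INVENTORY):
        print("password %s is shared across tiers by: %s" % (fp, ", ".join(accounts)))
    unique = mailbox_password_is_unique(SAMPLE_INVENTORY, "gmail.example.com")
    print("mailbox password unique: %s" % unique)
```

Run against the sample data it reports the one password shared by the forum, the newsletter and the bank, and confirms that the mailbox password is not used anywhere else. To audit your own accounts you would replace `SAMPLE_INVENTORY` with your list and run it locally; the script has no network access and stores nothing.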
I am sure there are plenty more tips out there, but these three were born out of my immediate concerns after getting hacked. I hope something in here is helpful to someone out there, and if you have more suggestions, tips, etc., put them in the comments so all can see.