Anyone's accounts being accessed from China?
I checked the "Last Activity" details and found there was an IP access from China, which would have no connection to me whatsoever.
I went to http://www.ip-adress.com/whois/ to lookup the IP address and was provided with this information:
220.127.116.11 server location:
Dangan in China
China Unicom Henan province network
Searching Google, found another user with the same issue
Can Google seek remedial action from this China Unicom Henan network to stop this madness, assuming the provided information is correct?
But first you need to check the bottom of the Inbox and make sure your account is not open at any other locations. If it shows additional locations, open the Details window and "Sign out all other sessions".
Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and recovery e-mail address]
Settings -> General -> Signature [make sure nothing as been added]
Settings -> General -> Vacation Responder [make sure it's disabled and empty]
Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]
Keeping account secure: https://mail.google.com/support/bin/answer.py?hl=en&answer=46526
Protecting your account: https://mail.google.com/support/bin/answer.py?hl=en&answer=29407
More account security info: http://www.google.com/help/security/
If your account is compromised: http://mail.google.com/support/bin/answer.py?hl=en&answer=50270
Someone using your address: http://mail.google.com/support/bin/answer.py?hl=en&answer=50200
Google Employee comments: http://www.google.com/support/forum/p/gmail/thread?tid=560d53dee40be5e6&hl=en&start=70
|Unknown||China (18.104.22.168)||May 12 (4 days ago)|
Right after I logged in, I sent one message, and then saw the warning about multiple IPs using the account. The other one was China (22.214.171.124).
I will follow the steps above, but I'm not seeing how this was hacked, unless Google's site itself has been compromised in some way.
No, there's the full checklist (posted above, and with more detail here: http://knol.google.com/k/the-c-man/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7?pli=1#When_you_reclaim_Your_Account )
But the BIG question is how they harvested your password in the first place. Did you use a computer infected with a keylogger or other malware. Did you get tricked with a phishing scam? Did another web-site you use get hacked and using a common password allowed them into your GMail account.
Until you fix that issue, your account is open to be compromised again.
I did look at the advice above and all was as it should be.
I only use a computer at home and work (a school) so that will limit keylogger/malware activity (I'm very careful with what I download/open). I guess the only (?) option is the other website and common password route.
I'll take more care though and see if that fixes things.
Because the person who compromised your account deleted them. Hackers often delete contacts, e-mail history, and often the entire account. That's why having your own backups are so important, so you can recover from a compromised account.
Some community members might have badges that indicate their identity or level of participation in a community.
Member levels indicate a user's level of participation in a forum. The greater the participation, the higher the level. Everyone starts at level 1 and can rise to level 10. These activities can increase your level in a forum:
- Post an answer.
- Having your answer selected as the best answer.
- Having your post rated as helpful.
- Vote up a post.
- Correctly mark a topic or post as abuse.
Having a post marked and removed as abuse will slow a user's advance in levels.
View profile in forum?
To view this member's profile, you need to leave the current Help page.
Report abuse in forum?
This comment originated in the Google Product Forum. To report abuse, you need to leave the current Help page.
Reply in forum?
This comment originated in the Google Product Forum. To reply, you need to leave the current Help page.