Here I was sitting, wasting time on Facebook, pretending to be doing some teacher stuff and some student stuff, when suddenly I began receiving notifications about my gmail passwords (personal and business) being changed on my alternate email address.
Now this was pretty frightening, as anyone who has experienced it would testify. I was sitting there, happy, felling safe and suddenly, a part of my world kind of was whisked away leaving a hole hard to fill. It took a moment to sink that I have become a victim like many others out there.
Then I started recovering my addresses. I followed the Gmail protocols and within 15 minutes I had my accounts back. (Something similar had happened to my hotmail account at the same time and I went through the process of recovering that too.) Then I signed up for Gmail’s two step verification on login from any computer other than my own computer. I also added alternate email IDs.
Google has a provision of seeing last account activity (the tiny link all the way down on the inbox page on the right hand corner. There was one suspicious IP address that wasn’t mine, common on all of my addresses. I wonder what good would that someone have had gotten from acquiring my email address.
Google has pretty impressive account safety tools, which I should have started using in the first place. Google also generates separate passwords for third party clients and services that do not yet have a two step verification process. So I have a different computer generated pass word for Gtalk. If I need to connect my Gmail account with some other service to search for contact, Google will generate another password for that service.
That brings me to why I think my account was compromised. I used my login info with Twitter to search for my contacts using twitter. And the very next day, my accounts were compromised. Since then I have revoked access to all applications and websites that were connected with my email accounts.
I got to know about the compromise immediately as I was online at that time. If I got to know late, my accounts could have been used for God knows what kinds of purposes. I hope I was quick enough to revoke accesses and recover my accounts.
I learnt my lesson to ensure that I am using all the available security options. Will you do so too?