Mysterious Gmail account lockouts prompt hack fears A substantial number of Gmail users have been affected by a potential but unconfirmed hack of unknown origin or purpose. El Reg learnt of the issue following a tip from a self-described "very security conscious" IT professional who got locked out of his Gmail account. This happened after one of his security phone numbers was …
It just happened to my wife: I just assumed it was a not-so-subtle method of forcing everyone to agree to their latest Terms of Service... probably the new clauses about introducing droit de seigneur and rights to the mortal soul of your first-born...
Had to dig out my email password since add with others I use it for accessing Google services and occasionally testing sending emails to a Google account.
All pc based sign insurance worked just done but had to redo the phone. I could be that the phone level cookies got expired on masse and that's what caused it but I'm not holding my breath for a quick (if at all) explanation from Google.
This happened to me months ago. Judging from google's response when I advised them of the issue, I was one of the first to report it. At least that's the impression they gave me. But please everyone, do not write this off as a bug or something else. Since my google accounts were hacked the following things have happened. My credit card was hacked, someone tried to log in to my iTunes account and my identity has been stolen and used in the UK. It took a while for these things to happen - around 3 months after I first started getting kicked out of my account. Don't listen to what google are telling you! They are not being honest with you.
For the record, I also experienced this on two accounts on two android devices (Friday evening). Interestingly, a laptop left turned on was still logged in and functioned fine. I couldn't however change the passwords for the accounts as google claimed the original password I typed was incorrect. Answering a few security questions got me a authorisation code which I used to log in and change my passwords. I haven't re-enabled access on the Android devices yet and won't until I get some news about what caused it.
Interestingly I had only hours earlier, made comments on FB regarding the extent of the capabilities of GCHQ for interception and attacks. I thought for a moment I was being 'slapped' by them :) for daring to comment about them. Not that my boring emails or SM posts would reveal much to them or are of any security concern, at least I don't think so ;)
same here... but my phone OS was Android 7.1.1 freshly compiled and published on February 23/24th by LineageOS.org...
maybe it's related to the upcoming March 2017 Android patch.... i noticed that a ton of Google apps have been updated at the beginning of this week, just before the re-authentication / reset happened.
I've had requests to sign back in to two different Google accounts, one a Gmail email address, the other a private email address. Both accounts needed to be signed back into on two PC's (Windows 10) and an Android (Cyanogen) mobile.
Both accounts have had 2FA enabled for 18 months+ and both use 14 or so char random passwords (managed by password management app).
Very strange...
'During routine maintenance [from 1pm to midnight PST yesterday], a number of users were signed-out from their Google accounts. This may have resulted in you being signed out of your account or seeing a notification about “A change in your Google account” or “Account Action Required.”
We hear your concerns that this appeared to potentially be phishing or another type of security issue. We can assure you that the security of your account was never in danger as a result of this issue.'
https://productforums.google.com/forum/#!category-topic/gmail/Kfsx8YjqAS4
So, cock-up rather than conspiracy?
It really did look like some sort of phishing attack. And certainly Google have now through lack of foresight opened up their user base to fall for the next one. They should have had a website explaining exactly why you needed to reauthenticate. Not a mystery popup!
I explicitly have no email on my mobile phone ...I do have several public email accounts, i.e. yahoo, gmail etc. which store your private emails on their servers. The problem with gmail so far has not occurred on my computer using Thunderbird with imap.gmail.com and SSL/TLS.
That could mean that the email client on your mobile phone has been compromised inside Android / iOS , or as the hack involves ponying up a new telephone number, that a couple of mobile telecoms providers are invaded on their side with malicious hacks.
Glad I read this article! On Saturday I found I couldn't access my Gmail on my mobile without logging back in and then later, noticed, on my laptop, that my Google Drive Sync was off, because, it turned out, I had to sign back in there too. Then Google sent me an email to my secondary email account telling me I'd logged in from a new machine (yes, I had just logged in, but no, it's not a new machine).
I didn't think anything of it, until my eldest daughter complained on Sunday that she hadn't been able to access her Gmail. I got her to reboot her phone and it too asked her to login to Gmail and then sent me an email (I'm her backup email account) saying she'd logged in from a new device...
Very odd and I'm not sure I like the fact that Google sit between saying nothing's going on, or they don't think anything is going on.
My experience was a bit more ominous. than the Reg article describes. I got a messge saying "Something is wrong. Please log in again." Suspecting phishing, I did the extreme thing: logged out of gmail, shut down my computer, booted a different OS, and went to my gmail account, where I was asked to provide my password. I did that, and haven't seen the problem since, but I really hate ominous messages popping up when I'm in gmail.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
