Following the recent hacking and publishing of Gawker Media customers' (commenters') email IDs and passwords (yes, passwords
- how dumb can that be?), I had been checking my Gmail account security - and I had a surprise when I did it (for details, read on).
SUGGEST YOU DO THIS WEEKLY: (if you do not already do it.)
Start up Gmail in your browser.
Near the bottom of the main Gmail page, it says something like:
Last account activity: 57 minutes ago on this computer. Details
When you click on "Details", you get taken to a page "Activity on this account". A table gives details of the 10 latest accesses, the 1st being your current session..
If you have any open sessions (e.g., if you left sessions open from another PC connected to the account, or if someone has open sessions from unauthorised access to your account), there will be a button that says to close them. Click on that button. The button will go away and you will get something like:
"This account does not seem to be open in any other location."
Now only you are looking at the account.
EDIT 2010-12-29 1112hrs: You have momentarily shut out any other users accessing your account. The objective is to move quickly and prevent any other account users doing anything before signing in again, by which time they will not be able to sign in, because by then you should have changed the account password and security question.
Scan the table for any Browser or POP3 accesses from IP addresses that were not yours from some other location or device.
Take a screen shot of it before doing anything further, because anything you do may scroll the oldest accesses off the table.
You can check the IP addresses here: http://projecthoneypot.org/search_ip.php
It will tell you which country it is in, and whether anything suspect has been reported for that IP address recently (i.e., it is still a "bad" IP address"). If they have the IP address, but no recent reports, then it means that they have had reports in the past, but it's probably OK now.
In any event, if there are any IP addresses that were not yours (either for browser or POP3 access), then:
* change your password immediately (make it a "strong" one);
* change the security question;
* SAVE all changes;
* whilst you are at it, get a second email address in the event you need to restore access to your account, having been locked out from it.
* whilst you are at it, set up the SMS alert.
I did all this, because, to my great surprise I had POP3 (reading current inbox messages) accesses from some US-based IP addresses. I have no idea what they were up to, but they can't do any more POP3 accesses now.
EDIT 2010-12-29 1112hrs: Because my IP address is in New Zealand, a U.S. access was categorically something unwanted or potentially malign.
Hope this is useful/helpful to someone.