Yes Virginia, Gmail accounts can be hacked and hijacked
Today, Christmas day (hence the lame Christmas-related post title), my Gmail account was hijacked and used to send spam to (apparently) my entire Gmail contact list. I have no idea how it was done, or exactly when, because I was not paying much attention to email today.
When I accessed my Gmail account this evening, I got a message requiring me to reset my password—which I immediately did—and found dozens of bouncebacks from inactive email accounts that were in my Gmail contacts list. Also a couple of inquiries from legitimate contacts wondering if my account had been hacked. Then I found I could not reply to those emails, as attempting to respond brought up a message from Gmail “You have reached the limit for sending email.”
Huh? I clicked on the “Learn More” link and found the following on Google’s support site:
In an effort to fight spam and prevent abuse, Google will temporarily disable your account if you send messages to more than 500 recipients or if you send a large number of undeliverable messages. If you use a POP1 or IMAP2 client (Microsoft Outlook or Apple Mail, e.g.), you may only send a message to 100 people at a time. Your account should be re-enabled within 24 hours.
OK. Seems fair enough. But since this happened sometime early this evening, that means I could go all day tomorrow without the ability to send email. And I can’t respond to those contacts who email me asking if the spam emails are legitimate; which is frustrating, and not very helpful to people making inquiries.
To those of you who received spam from my Gmail account, my apologies. To those who inquire via email about the suspicious-looking email sent from my account, I am doubly sorry I cannot respond. Wish I could say with assurance that it will never happen again. In the meantime, looks like I’m spending the day after Christmas resetting a few hundred passwords and beefing up security on my computer and various online accounts.
Spammers. Ho, Ho, effin’ Ho.