Gmail was not working on my phone today. It worked yesterday, but not today.
When I got home, I tried logging in from my computer and got the message that my account was disabled due to suspicious activity. I thought about it and the only suspicious activity I had noticed recently was Gmail prompting me to give them my mobile phone number (I didn’t) as an account recovery tool, and my browser of choice, Chrome, prompting me to install a plug-in every few emails I read in spite of my repeatedly trying to install it. I’m thinking this may have been the problem.
When I finally got access to my account (yes, I did have to give them my mobile number despite the fact they had a separate email by which to contact me), I was alerted that there was activity on my account from an IP address they believed to be in Bosnia and Herzegovina, 17 hours ago. 5000 miles away. It wasn’t me. Not even if the Concorde was still flying. It is about 10 hours by air one way.
I’m still miffed about having to give them my mobile number. They obviously did not need it prior to this incident. I’m not paranoid or worried about Big Brother. They already know, so get over it.
Do I feel embarrassed having my email hacked? Nope. Very large agencies including government, credit, international monetary and scientific groups have reported being hacked. Go ahead and Google a government agency or company plus the word hacked just for fun. You can imagine who hasn’t reported. So I am in good company despite having a smaller IT security budget.
This incident prompted me to read some of the Gmail forums. Some genius said that it was a shame no one read the forums (i.e. I am not having any trouble so therefore I will look for a solution?) until they were hacked. This would be good advice for some but not the majority who are happy just to be able to check their email and have the right things happen when they click something in Facebook.
One forum post listed browser plug-ins as a potential problem. No info on how to spot a bad one, so never install any plug-ins?
In a FAQ the question was posed: if Gmail sends me a warning, will that not tip off the bad guys? The answer was that Gmail sent the warning to the real account owner, not the bad guys. My question is, “If Gmail can differentiate between the good guys and the bad guys, why make the good guys jump through hoops?” Make the bad guys verify themselves. The bad guys will move on. Send a note to the account owner to change their password.
For the record, when I set up my account on Gmail, my password registered as Strong on their Password-Strength-O-Meter (not the real name).
Why did I write this? I had a feeling it would not fit in the “Tell us how we are doing” form. Besides, it’s fun to let off a little steam.