Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Could my email account hack be related to my computer being stolen the week before?

Question:

I had a Macbook Air that runs OSX version 10.6.8. The computer was stolen
last week and unfortunately I didn’t have iCloud or another app that I could
use to track it. Interestingly, my email was hacked a few days later. Although
my username was saved on my browser, my password was not. All the people in my
address book received an email from me with no subject and only one line link
in the body. I already read your article, “Why am I getting or sending an email
that only contains spam from my contacts?” and I’ve been following your
suggested steps. I changed my password and my password recovery settings and I
checked my other Gmail settings like forwarding, signature and so forth.
However, I believe my case is somewhat unique because I don’t have my original
computer anymore so I can’t follow other suggested steps such as installing a
firewall or checking for viruses. If there’s a relationship between my computer
being stolen and my email being hacked, I’d like to know what all I can do to
protect my account in the future.

In this excerpt from
Answercast #94
I look at the repercussions of having your computer stolen –
one of which is easy access to your email.

]]>

Email account hack after computer is stolen

Well, you’ve certainly everything you possibly can right now to protect your account. That is, like you said;

  • Change your password;

  • Change your recovery information.

That makes sure that the person who stole computer, the person who hacked your account, no longer has access to it.

Computer was stolen

I personally believe that it is simply too coincidental that the hack happened immediately after your computer was stolen. So I do believe that the two are related.

Exactly how they’re related, I honestly can’t say. It is possible that your password actually was saved somewhere. Perhaps in your browser’s password cache. It is possible then that the hacker could access that.

Easy access to mail account

One thought that comes to mind is, if at the time your computer was stolen you were logged into your email account, well; it’s very possible that the hacker didn’t have to login at all. It’s very possible all they had to was open the browser; go to Gmail or wherever your email account happens to be and start sending spam.

Prevent email hacks

It’s difficult to come up with a nice blanket recommendation for exactly how to prevent this in the future. Obviously, don’t let your computer get stolen is one of them – but the reality is that computers do get stolen.

That’s why it’s important, I think, that when you are traveling, when you are in a situation when your computer’s at risk, you don’t use things like standby, you actually shut it down.

You may want to password protect this installation. You might even consider using things like LastPass or other types of encryption technology to encrypt the sensitive data that’s kept on your machine – and never, ever, ever, ever let a browser remember your password because those password caches are often very easily hacked into.

(Transcript lightly edited for readability.)

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

3 comments on “Could my email account hack be related to my computer being stolen the week before?”

  1. This does appear to be too much coincidence to dismiss. But, how much overlap can there be between these extremely disparate classes of criminals: the thief of opportunity at some local coffee shop or library, and the link spammer? And, how much cooperation would there be between the two? I can’t help but doubt that some ruffian who snatched an unattended computer would have any incentive to use an email access for spam purposes.

    On the other hand, I *would* change all those online banking and paypal passwords. If I had a stolen computer and a mind to exploit it, those are the websites I would be checking out, not email services.

    Reply
  2. On your stolen PC the spammer can easily see your address book, and your mail address. So he simply spoofs the “From” field; which is easy.

    Change your passwords, and be alert for anything unusual in the coming weeks.

    Reply
  3. Leo mentioned that the password might be found in the browser cache. I’d add that it can also be found in the swap-file.
    Erasing the swap-file every time you shut down seems like unnecessary overkill. What I’ve done a couple times when traveling, is to use the bios password.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.