I had a Macbook Air that runs OSX version 10.6.8. The computer was stolen
last week and unfortunately I didn’t have iCloud or another app that I could
use to track it. Interestingly, my email was hacked a few days later. Although
my username was saved on my browser, my password was not. All the people in my
address book received an email from me with no subject and only one line link
in the body. I already read your article, “Why am I getting or sending an email
that only contains spam from my contacts?” and I’ve been following your
suggested steps. I changed my password and my password recovery settings and I
checked my other Gmail settings like forwarding, signature and so forth.
However, I believe my case is somewhat unique because I don’t have my original
computer anymore so I can’t follow other suggested steps such as installing a
firewall or checking for viruses. If there’s a relationship between my computer
being stolen and my email being hacked, I’d like to know what all I can do to
protect my account in the future.
In this excerpt from
Answercast #94 I look at the repercussions of having your computer stolen –
one of which is easy access to your email.
]]>
Email account hack after computer is stolen
Well, you’ve certainly everything you possibly can right now to protect your account. That is, like you said;
-
Change your password;
-
Change your recovery information.
That makes sure that the person who stole computer, the person who hacked your account, no longer has access to it.
Computer was stolen
I personally believe that it is simply too coincidental that the hack happened immediately after your computer was stolen. So I do believe that the two are related.
Exactly how they’re related, I honestly can’t say. It is possible that your password actually was saved somewhere. Perhaps in your browser’s password cache. It is possible then that the hacker could access that.
Easy access to mail account
One thought that comes to mind is, if at the time your computer was stolen you were logged into your email account, well; it’s very possible that the hacker didn’t have to login at all. It’s very possible all they had to was open the browser; go to Gmail or wherever your email account happens to be and start sending spam.
Prevent email hacks
It’s difficult to come up with a nice blanket recommendation for exactly how to prevent this in the future. Obviously, don’t let your computer get stolen is one of them – but the reality is that computers do get stolen.
That’s why it’s important, I think, that when you are traveling, when you are in a situation when your computer’s at risk, you don’t use things like standby, you actually shut it down.
You may want to password protect this installation. You might even consider using things like LastPass or other types of encryption technology to encrypt the sensitive data that’s kept on your machine – and never, ever, ever, ever let a browser remember your password because those password caches are often very easily hacked into.
(Transcript lightly edited for readability.)
Next from Answercast 94- Why has my computer been locked by cyber cops?
This does appear to be too much coincidence to dismiss. But, how much overlap can there be between these extremely disparate classes of criminals: the thief of opportunity at some local coffee shop or library, and the link spammer? And, how much cooperation would there be between the two? I can’t help but doubt that some ruffian who snatched an unattended computer would have any incentive to use an email access for spam purposes.
On the other hand, I *would* change all those online banking and paypal passwords. If I had a stolen computer and a mind to exploit it, those are the websites I would be checking out, not email services.
On your stolen PC the spammer can easily see your address book, and your mail address. So he simply spoofs the “From” field; which is easy.
Change your passwords, and be alert for anything unusual in the coming weeks.
Leo mentioned that the password might be found in the browser cache. I’d add that it can also be found in the swap-file.
Erasing the swap-file every time you shut down seems like unnecessary overkill. What I’ve done a couple times when traveling, is to use the bios password.