For some reason this morning one of my email accounts on Google required that I change my password on my phone. The details of this journey are outlined in this post.
Not sure whether this was a hack, I went to my computer and tried to log in. It simply told me that I needed to create a new strong password. The one I had wasn’t bad, and like all of my passwords it is unique.
I created a new password, and logged in.
On the phone, Google Play Services stated: “There’s been a change to your Google Account. For your security, sign in again.” Now, this account is a Google Apps account. As I write this, I have tried to log in on my phone, and it will not accept the new password.
In my email account I found an email from Google. (I’m cautious because there has been a phishing scam using Google itself, so I read the following but did not click on any links in this email.)
Subject: Important: Security Alert for your Google Apps Domain
The following is an automated security notification from Google about your domain accounts.
Google has become aware of a security incident involving a password leakage that may have affected some users in your Google Apps domain: (my domain)
The following users were found on a publicly posted list of compromised credentials. Common causes of password theft are viruses, user responses to phishing emails, or the use of the same password on many different websites, of which one or more have been compromised by attackers.
brian@briandavids.com
ACTIONS REQUIRED
1. To reset the user’s password, follow the steps in this Help Center article:
http://www.google.com/support/a/bin/answer.py?hl=en&answer=33319
Inform the user of their new temporary password, and ask them to set a new password (it should not be a password used with any other sites).
2. To help check whether their account might have been compromised, advise users to:
- Check for filters and forwarding rules so that email is not being forwarded to suspect addresses.
- Check to make sure their signature has not been changed.
BEST PRACTICES FOR SECURITY
As an administrator, you may also consider implementing additional security features for your Google Apps domain:
1. Enrolling your domain in 2-step verification, which offers an additional layer of user authentication:
http://www.google.com/support/a/bin/answer.py?hl=en&answer=175197
2. Completing the Gmail Security Checklist:
https://support.google.com/mail/bin/static.py?hl=en&page=checklist.cs&tab=29488
Additional Information about the activity of affected user accounts can be obtained by using the Audit API:
http://code.google.com/googleapps/domain/audit/docs/1.0/audit_developers_guide_protocol.html
Sincerely,
The Google Apps Team
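The two checks Google asks for in that email (filters and forwarding rules, then the signature) are exactly where an attacker who has had the password leaves persistence: a filter that forwards selected mail to an outside address and archives or trashes the original so the owner never sees it. The script below is an added example, not code from this post or from Google; it assumes the JSON shapes the Gmail API returns for filters (users.settings.filters.list), forwarding addresses (users.settings.forwardingAddresses.list) and auto-forwarding (users.settings.getAutoForwarding), and runs over constructed sample settings rather than a live account. The trusted domain example.com is an assumption standing in for your own domain.

```python
"""Offline check of Gmail settings for signs of a compromised mailbox.

Added example, not from the post or from Google. It assumes the JSON shapes
the Gmail API returns for filters, forwarding addresses and auto-forwarding.
SAMPLE_SETTINGS below is constructed data, not captured from a real account.
"""

# Assumption: the organisation's own domain(s). A forward to any other
# domain is treated as external and therefore suspicious.
TRUSTED_DOMAINS = {"example.com"}


def _domain(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def _hides_message(action):
    """True when a filter action keeps the owner from seeing the message.

    Attackers usually pair forwarding with archiving (remove INBOX) or
    trashing so the victim never notices what was forwarded.
    """
    return ("INBOX" in action.get("removeLabelIds", [])
            or "TRASH" in action.get("addLabelIds", []))


def audit_mailbox(settings, trusted_domains=TRUSTED_DOMAINS):
    """Return a list of findings (dicts with kind, id, severity, detail)."""
    findings = []

    # 1. Per-filter forwarding: the classic persistence after a password leak.
    for flt in settings.get("filters", []):
        action = flt.get("action", {})
        target = action.get("forward")
        if not target or _domain(target) in trusted_domains:
            continue
        hides = _hides_message(action)
        findings.append({
            "kind": "filter_forward",
            "id": flt.get("id"),
            "severity": "high" if hides else "medium",
            "detail": f"filter forwards to external address {target}"
                      + (" and hides the message" if hides else ""),
        })

    # 2. Registered forwarding addresses outside the organisation.
    for fwd in settings.get("forwardingAddresses", []):
        addr = fwd.get("forwardingEmail", "")
        if addr and _domain(addr) not in trusted_domains:
            status = fwd.get("verificationStatus")
            findings.append({
                "kind": "forwarding_address",
                "id": addr,
                "severity": "medium" if status == "accepted" else "low",
                "detail": f"external forwarding address {addr} ({status})",
            })

    # 3. Account-wide auto-forwarding (every message leaves the mailbox).
    auto = settings.get("autoForwarding", {})
    addr = auto.get("emailAddress", "")
    if auto.get("enabled") and addr and _domain(addr) not in trusted_domains:
        disposition = auto.get("disposition")
        findings.append({
            "kind": "auto_forward",
            "id": addr,
            "severity": "high" if disposition in ("trash", "archive") else "medium",
            "detail": f"all mail auto-forwarded to {addr}, disposition={disposition}",
        })

    return findings


# Constructed sample: one malicious filter, one benign label filter, one
# internal forward, and a verified external forwarding address.
SAMPLE_SETTINGS = {
    "filters": [
        {"id": "f1",
         "criteria": {"from": "finance@example.com"},
         "action": {"forward": "collector@drop.example.net",
                    "removeLabelIds": ["INBOX"]}},
        {"id": "f2",
         "criteria": {"subject": "newsletter"},
         "action": {"addLabelIds": ["Label_7"]}},
        {"id": "f3",
         "criteria": {"to": "alias@example.com"},
         "action": {"forward": "me@example.com"}},
    ],
    "forwardingAddresses": [
        {"forwardingEmail": "collector@drop.example.net",
         "verificationStatus": "accepted"},
    ],
    "autoForwarding": {"enabled": False},
}

if __name__ == "__main__":
    for f in audit_mailbox(SAMPLE_SETTINGS):
        print(f"[{f['severity']}] {f['kind']} {f['id']}: {f['detail']}")
```

On a real account the three inputs come from the Gmail API calls named above (with the gmail.settings.basic scope); the signature check in the email is simpler and not automated here, since only you know what your signature should say.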
What is amazing about this is that I rarely use this email account. I have not clicked on any links that would have allowed my info to be stolen, so I’m a little baffled as to how this happened.
I guess this is a good time to remind everyone:
- Turn on two-factor authentication. This really isn’t optional any longer.
- Use a good strong password and only use it once per account.
- Get a password manager to help you with this. lastpass.com and 1password.com are good choices. I use mSecure, which stores passwords locally; that is my preferred option since I don’t trust the cloud.
- If you haven’t changed your password in a while, do it now!
- Never click on a link in an email, even if you think it is from someone you know and you think it is safe.
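Google found the address on a “publicly posted list of compromised credentials”; you can run the same kind of check yourself before a password ever gets reused. The following is an added example, not code from this post: it implements the k-anonymity range lookup that Have I Been Pwned’s Pwned Passwords service uses, where only the first five hex characters of the password’s SHA-1 hash leave your machine and the full hash is matched locally against the returned “SUFFIX:COUNT” lines. The range data and the count are constructed so the example runs offline; a real client would fetch https://api.pwnedpasswords.com/range/<prefix> instead of calling fake_range_lookup.

```python
"""Check a password against a leaked-credential list without revealing it.

Added example, not code from the post. It implements the k-anonymity range
lookup used by Have I Been Pwned's Pwned Passwords service: the client sends
only the first five hex characters of the SHA-1 hash and scans the returned
"SUFFIX:COUNT" lines locally. FAKE_RANGE_DATA is constructed so the example
runs offline; a real client would fetch /range/<prefix> over HTTPS instead.
"""
import hashlib


def hash_prefix_suffix(password):
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is
    sent to the service and the 35-char suffix that never leaves the host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


# Constructed stand-in for the range endpoint: prefix -> response body.
# The middle entry is the real SHA-1 suffix of "password"; the counts and
# the neighbouring suffixes are made up.
FAKE_RANGE_DATA = {
    "5BAA6": "\r\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:1",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",
        "2A57C8B7B9E3E9C5A16BB7E77F4A3E5D1F9:2",
    ]),
}


def fake_range_lookup(prefix):
    """Offline replacement for GET /range/{prefix}. Unknown prefixes return an
    empty body here; the real service returns every suffix it knows for the
    prefix, which is what makes the query k-anonymous."""
    return FAKE_RANGE_DATA.get(prefix, "")


def pwned_count(password, range_lookup=fake_range_lookup):
    """Return how many times the password appears in the leaked list, or 0.

    Only the 5-char prefix is passed to range_lookup; the comparison against
    the remaining 35 characters happens locally.
    """
    prefix, suffix = hash_prefix_suffix(password)
    for line in range_lookup(prefix).splitlines():
        if ":" not in line:
            continue  # tolerate blank or malformed lines
        candidate, count = line.split(":", 1)
        if candidate.strip().upper() == suffix:
            return int(count.strip())
    return 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        n = pwned_count(pw)
        verdict = f"seen {n} times, do not use" if n else "not in the sample list"
        print(f"{pw!r}: {verdict}")
```

A password manager can do this lookup for you on every saved entry; the point of the prefix scheme is that neither the password nor enough of its hash to identify it is ever sent to the service.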
I don’t know how my information was retrieved, but it was, and I am very, very careful. So if it can happen to me, it can happen to you.
Be safe!
BTW: after a restart, my phone is finally allowing me to log into my email account, now with 2-Step Verification. I also want to thank Google for keeping an eye out for our security; I would never have known there was an issue if it wasn’t for Google watching out for me. Thanks Google!
b