Gmail "Critical security alert" message, hacking attempt blocked (long post)

[mwilke43]

Hey, guys. Let me apologize in forward for this being a long post, but since this never happened to me before I just want to make sure I give you all the details to find out how this happened and help secure my account even more.

http://imgur.com/minU1zS

Recently I've received this message informing me that my account had a sign-in attempt blocked. Of course, this wasn't me since I've gotten this message both on my phone and my Gmail at 05:00 AM while I was sleeping so it leads me to believe that there was some hacking attempt and not some auto-login mistake some website or device I use made.

I live in Europe and the sign-in attempt was from the United States as seen in the picture below:

http://imgur.com/ClGJCcl

Now I have gone through all the Security Checkup steps from the link provided by Google in the first picture (assuming <no-reply@accounts.google.com> was from Google and not some phishing attempt) , and I have also scanned my computer for any malware using both Microsoft Security Essentials and Malwarebytes Anti-Malware (separately, not at the same time) and nothing was found, so I assume I'm safe.

I never give my passwords of any account to anyone and I'm extremely careful about what sites I use and where I log in with my Gmail account, so I honestly don't know how this happened. Any files I download I either download from a trustworthy source (Java, Microsoft, Google, etc...) or scan immediately with my antivirus programs to make sure it's safe to open.

I only have one suspicion as to what might cause this, and that is the recent Meltdown/Spectre vulnerability.

I have an Intel i5 2500K (2nd-Gen, Sandy Bridge) and a Windows 7 Ultimate x64 with the vulnerability patches/updates disabled. Now I know that I shouldn't have done that and that I'm exposing my PC to the vulnerability, the reason I did that is because those updates cause severe performance issues in video games, which is what majority of my time I'm doing on my PC.

Last question before closing:

When someone tries to access your account like this, do they actually get blocked and unable to change to change the password and use the account for any means? I'm asking this because my account is connected to my bank account and Paypal and other contact emails, so I'm wondering if those accounts as well are in jeopardy.

I've also removed any account access from unnecessary apps and websites in Manage Apps

This will be all, I hope someone will be able to help me figure this out. Once again I apologize for the long post.

Thanks in forward.

 

[jboydgolfer]

If someone tries to log into your account , you should get a verification code on the phone number you have set as a bacup if they forgot password, etc , did you get that verification code? Unless they have full access, it could possibly be an app, etc. id suggest you switch your password, and ensure all security measures are in place.

 

[RejZoR]

I recommend you start using 2FA (2 Factor Authentication). It's nearly impossible to bypass that. Or is way too much effort for casual script kiddies to bother with.

 

[FordGT90Concept]

Is the Check Activity link legitimate (goes to https://*.google.com)? If yes, change your password. If you haven't enabled two-step verification, do so. Should be all.

When someone tries to access your account like this, do they actually get blocked and unable to change to change the password and use the account for any means?

Yes.

 

[jboydgolfer]

if you havent already, choose to "sign out all instances of your account"

 

[mwilke43]

If someone tries to log into your account , you should get a verification code on the phone number you have set as a bacup if they forgot password, etc , did you get that verification code? Unless they have full access, it could possibly be an app, etc. id suggest you switch your password, and ensure all security measures are in place.

I recommend you start using 2FA (2 Factor Authentication). It's nearly impossible to bypass that. Or is way too much effort for casual script kiddies to bother with.

Is the Check Activity link legitimate (goes to https://*.google.com)? If yes, change your password. If you haven't enabled two-step verification, do so. Should be all.

Thanks for the replies guys.

Anyway, yeah I forgot to mention that I did enable 2-FA after changing my password (it wasn't enabled before), also yeah the link seems genuine, the full link is:

https://accounts.google.com/Account...=5&rfnc=1&eid=1580538925598487199&et=0&asae=2

 

[jboydgolfer]

Thanks for the replies guys.

Anyway, yeah I forgot to mention that I did enable 2-FA after changing my password (it wasn't enabled before), also yeah the link seems genuine, the full link is:

well, youve dont all you really can, id just suggest (as i mentioned above) that you sign out all instances, then keep an eye out.

 

[mwilke43]

well, youve dont all you really can, id just suggest (as i mentioned above) that you sign out all instances, then keep an eye out.

Got it, but there's still a problem of finding the source of this.

I genuinely have no idea how did they manage to find out the password to my account as I know for a fact that I don't sign in anywhere else except my PC and phone, and that I never log in to websites using "Login through your Google account" option.

 

[jboydgolfer]

there's still a problem of finding the source of this.

your likkely not going to , so, just deal with your end, and thats about it. Google doesnt log failed log in attempts, so there is no record of it, other than the message. its security worked, just take the steps and your done.

 

[mwilke43]

your likkely not going to , so, just deal with your end, and thats about it. Google doesnt log failed log in attempts, so there is no record of it, other than the message. its security worked, just take the steps and your done.

Ok, one more thing as I'm not 100% sure about this, but is it okay to leave the system without the Meltdown/Spectre patches like this ? Have there been any traces of these vulnerabilities being exploited/weaponized by malware creators and can this bypass AV programs ? The whole reason I did this is because of the performance loss people have reported on their sandy bridge and ivy bridge CPUs with Windows 7.

 

[jboydgolfer]

Ok, one more thing as I'm not 100% sure about this, but is it okay to leave the system without the Meltdown/Spectre patches like this ? Have there been any traces of these vulnerabilities being exploited/weaponized by malware creators and can this bypass AV programs ? The whole reason I did this is because of the performance loss people have reported on their sandy bridge and ivy bridge CPUs with Windows 7.

i wouldnt lose any sleep over it, but if its really bothering You, do the update for Your bios. what motherboard do you have?

intel says:
Intel confirmed that the performance loss will be dependent on workload, and “should not be significant” for average home computer users

regarding gaming, sources say:
Phoronix tested Dota 2, Counter-Strike: Global Offensive, Deus Ex: Mankind Divided, Dawn of War III, F1 2017, and The Talos Principle on a Linux 4.15-rc6 machine with a Core i7-8700K and Radeon Vega 64. None saw a frame rate change outside the margin of error range.

[ Further reading: The best graphics cards for PC gaming ]

Hardware Unboxed tested a handful of DirectX-based Windows games in the video linked above. With DirectX hooking so deeply into Windows, gamers were worried about a potential performance degradation there. Fortunately, Hardware Unboxed observed virtually no frame rate loss in Ashes of the Singularity, Assassin’s Creed: Origins, or Battlefield 1. Phew.

 

[Toothless]

I get these all the time. As long as you have a really beefy password and they didn't get access you're good.

 

[mwilke43]

i wouldnt lose any sleep over it, but if its really bothering You, do the update for Your bios. what motherboard do you have?

intel says:
Intel confirmed that the performance loss will be dependent on workload, and “should not be significant” for average home computer users

regarding gaming, sources say:
Phoronix tested Dota 2, Counter-Strike: Global Offensive, Deus Ex: Mankind Divided, Dawn of War III, F1 2017, and The Talos Principle on a Linux 4.15-rc6 machine with a Core i7-8700K and Radeon Vega 64. None saw a frame rate change outside the margin of error range.

[ Further reading: The best graphics cards for PC gaming ]

Hardware Unboxed tested a handful of DirectX-based Windows games in the video linked above. With DirectX hooking so deeply into Windows, gamers were worried about a potential performance degradation there. Fortunately, Hardware Unboxed observed virtually no frame rate loss in Ashes of the Singularity, Assassin’s Creed: Origins, or Battlefield 1. Phew.

The problem with these tests is that they were mostly conducted on the latest gen CPUs, so for someone who has quite old CPU i5 2500k (with AsRock Z77 Extreme4 motherboard which won't be getting any BIOS updates) Microsoft stated that the performance will be noticeable on older gen CPUs, even more on OS below Windows 10.

 

[jboydgolfer]

The problem with these tests is that they were mostly conducted on the latest gen CPUs, so for someone who has quite old CPU i5 2500k (with AsRock Z77 Extreme4 motherboard which won't be getting any BIOS updates) Microsoft stated that the performance will be noticeable on older gen CPUs, even more on OS below Windows 10.

Yeah they touched on older CPUs as well, gaming didnt show terribly massive impacts apparently. One of my kids is running an Ivy Bridge CPU, he hasnt seen any massive losses. (Win7 pro, i5 3570.)

you're faced with a decision ,do the patch ,or don't do the patch ,only you can make that choice. Unfortunately here we can't do anything about the situation, it is what it is, everyone needs to make their decision. I personally wouldnt even bother if it was my personal PC, but I dont mind wiping and starting all over as i keep backups handy, and have nothing on this PC that is "sensitive", but i wouldnt expect anyone to hack my PC either, nor would i sweat it. i hope it works out for You.Good Luck

 

[newtekie1]

Ok, one more thing as I'm not 100% sure about this, but is it okay to leave the system without the Meltdown/Spectre patches like this ? Have there been any traces of these vulnerabilities being exploited/weaponized by malware creators and can this bypass AV programs ? The whole reason I did this is because of the performance loss people have reported on their sandy bridge and ivy bridge CPUs with Windows 7.

Here is the thing with Meltdown/Spectre, and the other vulnerabilities they are finding, they can't just be exploited remotely to exploit them the malicious program has to already have administrator access to your computer. You have to run the program with the virus in it, and give it administrator level access, before it can do anything. At that point, it is easier to just install a keylogger than it is to try to use meltdown/spectre to get your personal info.

 

[RejZoR]

It's possible that Google blocked the login attempt straight away and nothing was compromised. They can track the login trends. If you're logging into account for several years from one location and all of a sudden there is an attempt for it from another continent, it's an alarm by itself. Or if you logged in same day in Europe and just hour later it's done from America, you know it can't be legit login.

Which gave me an idea for ProtonMail how to enhance their security... Nice

 

[Assimilator]

You're ignoring the far most likely scenarios:

• your previous password was insufficiently complex, allowing the attacker to guess or brute-force it
• you used your previous password on website(s) other than Gmail, and one of those website(s) were breached

Set a strong password, always enable two-factor authentication, and you will never have problems.

Here is the thing with Meltdown/Spectre, and the other vulnerabilities they are finding, they can't just be exploited remotely to exploit them the malicious program has to already have administrator access to your computer.

Incorrect.

 

[mwilke43]

Yeah they touched on older CPUs as well, gaming didnt show terribly massive impacts apparently. One of my kids is running an Ivy Bridge CPU, he hasnt seen any massive losses. (Win7 pro, i5 3570.)

you're faced with a decision ,do the patch ,or don't do the patch ,only you can make that choice. Unfortunately here we can't do anything about the situation, it is what it is, everyone needs to make their decision. I personally wouldnt even bother if it was my personal PC, but I dont mind wiping and starting all over as i keep backups handy, and have nothing on this PC that is "sensitive", but i wouldnt expect anyone to hack my PC either, nor would i sweat it. i hope it works out for You.Good Luck

How much performance impact did your kids' Ivy system suffered ? Some users report up to 30% and that isn't something I could sneeze at. Nonetheless thanks for everything guys, normally I don't bother creating threads like this because I don't care about any of my accounts being hacked since I only register on some gaming forums and help others out with walkthroughs and whatnot, I can simply change the password if it ever gets hacked and forget about it. This was troublesome for me as this was my primary email address which is connected through bank accounts and paypal etc...

 

[Assimilator]

Just to note, only Meltdown can be patched via Windows Update. Spectre requires a microcode update which is either part of the BIOS, or has to be loaded before Windows via a third-party (VMware) driver. Considering most motherboard manufacturers don't seem interested in offering updated BIOSes for anything older than Z170/X99, your only option to be protected against Spectre is to use the VMware driver or patch your BIOS yourself.

 

[mwilke43]

Just to note, only Meltdown can be patched via Windows Update. Spectre requires a microcode update which is either part of the BIOS, or has to be loaded before Windows via a third-party (VMware) driver. Considering most motherboard manufacturers don't seem interested in offering updated BIOSes for anything older than Z170/X99, your only option to be protected against Spectre is to use the VMware driver or patch your BIOS yourself.

I'm not sure will I fiddle with that. I think I'll just wait until fall of 2018-mid 2019 as I was planning to upgrade that time seeing as how my i5 2500k is already starting to show it's age by bottlenecking 1080ti.

Thanks for everything guys.

 

[jboydgolfer]

How much performance impact did your kids' Ivy system suffered ?

None that he has mentioned, he's big on csgo, and a lot of other games (much like many 17 y/o ), no losses.

I'm not sure will I fiddle with that. I think I'll just wait until fall of 2018-mid 2019 as I was planning to upgrade that time seeing as how my i5 2500k is already starting to show it's age by bottlenecking 1080ti.

sometimes i wonder if these "vulnerabilities are M$'s "reasons" for upgrading

 

[eidairaman1]

if you havent already, choose to "sign out all instances of your account"

Just change his password to something complex

 

[jboydgolfer]

Just change his password to something complex

Yup..... something like Password123 (the hackers never expect it to be SO simple) , or your social security # + your DOB

I usually spell numbers, and combine them with actual numbers , its pretty secure that way.

@mwilke43 use this tool, to test your password strength for brute force .

mine scored in the Quadrillions of years to crack

 

[Solaris17]

Got it, but there's still a problem of finding the source of this.

That wont happen. Most likely someone has a list of email addresses and is just putting them through a password table. Just make sure you don't have anything unnecessary using your gmail, apps that let you "login with your google account" in case one of them got compromised.

Here is the thing with Meltdown/Spectre, and the other vulnerabilities they are finding, they can't just be exploited remotely to exploit them the malicious program has to already have administrator access to your computer. You have to run the program with the virus in it, and give it administrator level access, before it can do anything. At that point, it is easier to just install a keylogger than it is to try to use meltdown/spectre to get your personal info.

Seriously. This just goes to show how seriously lacking security understanding is. Now every damn tool bar is going to be the product of meltdown or spectre. The reality is you will probably never even be vulnerable to this. the level of sophistication on the infection (which only even takes from running active memory and only a few BITS at that ) is complex and not worth "wasting" on the common man. I know I know you have "important" stuff on your PC but the reality is no one writes machine level exploits to get your FB password. There are far more interesting people on the planet. A+ for actually getting it. You restored my faith in security aware critical thinking skills.

 

[RejZoR]

Just one special character turns 3000 years into 3 million years

Or by going mad:
14,619,215,938,327,783 nonagintillion years