How do people hack accounts? Watch

This discussion is closed.
TVIO
Badges: 12
Rep:
?
#21
Report 4 years ago
#21
(Original post by hellodave5)
Maybe not brute forced then, just stealing from database sounds more likely.
What about old hardware? I hear its commonly stolen from sold on stuff? You can quite easily retrieve deleted documents. People often sell things like phones and PC's etc.
Most criminals are not advanced computer forensics experts. It's certainly not that easy to retrieve old documents if they were relatively recently.
0
Chlorophile
  • Study Helper
Badges: 20
Rep:
?
#22
Report Thread starter 4 years ago
#22
A factory reset of every device I own would take absolutely ages, especially my PC... is there nothing slightly less time consuming I could do? Particularly for my Phone (running Windows Mobile, don't actually have a USB connector so I can't back anything up at the moment) and my iPod (iTunes doesn't work on Linux so I can't back it up or restore it).
0
hellodave5
Badges: 19
Rep:
?
#23
Report 4 years ago
#23
(Original post by TVIO)
Most criminals are not advanced computer forensics experts. It's certainly not that easy to retrieve old documents if they were relatively recently.
But what about ordinary file retrieval software?
0
TVIO
Badges: 12
Rep:
?
#24
Report 4 years ago
#24
(Original post by hellodave5)
But what about ordinary file retrieval software?
Not amazingly effective. Even in absolute best case scenarios it's not much better than 50-50. And it's rarely going to be a best case scenario due to how hard drives work (overwrite certain sectors first, if it's been deleted it's near the top of the list for overwriting. Once it's been overwritten it's a practically 0 chance even for experts.)
1
miser
  • Forum Helper
Badges: 20
Rep:
?
#25
Report 4 years ago
#25
There are a number of different methods - bruteforcing (guessing over and over) being only one. Who knows what method the person from China did, but one of the main insecurities that exists today is password re-use. People tend to use the same password for a number of different accounts, so if a hacker can find one password, they can gain access to potentially several accounts.

There are a lot of different ways to find passwords. The three main categories I would say are: targeting the user's devices (e.g. keylogging software on your computer can record things you type); hacking a web service directly (if there is a vulnerability in the service they might not even need your password); and man-in-the-middle attacks (eavesdropping on the link between users and services, potentially recording plain-text data or encrypted content that can be later bruteforced).

When I was in school I used to hack things and one of the easiest ways to do it was just to trick people into giving you the data you wanted. One ruse I used was to tell someone of a method to hack the email account of someone else, by sending a special email with various details in it including the details of your own account (of course, you own the email address they're sending that 'special email' to). Another very successful method is to trick users into entering their login details into a form you own (e.g. by spoofing a webpage and tricking a user to using it).
0
slg60
Badges: 14
Rep:
?
#26
Report 4 years ago
#26
(Original post by Chlorophile)
So somebody apparently just logged into my gmail account from China which made me wonder, how do people actually hack into accounts like email accounts? Because I know that there's no way anybody could have simply guessed my password and given that gmail locks down accounts after a number of incorrect attempts, it couldn't have been done by repeatedly trying random combinations. So how do they do it?
google store passwords on hard drives I'm quite sure so they would probably had to have access to the network, which is so unlikely it is not that.

The alternatives are RATs and keyloggers, been on any shifty sites?
Thats all i can think of


or maybe man in the middle.
0
karmacrunch
  • Study Helper
Badges: 21
Rep:
?
#27
Report 4 years ago
#27
(Original post by Chlorophile)
So somebody apparently just logged into my gmail account from China which made me wonder, how do people actually hack into accounts like email accounts? Because I know that there's no way anybody could have simply guessed my password and given that gmail locks down accounts after a number of incorrect attempts, it couldn't have been done by repeatedly trying random combinations. So how do they do it?
(Original post by Edminzodo)
I often wonder this! Someone logged into my Gmail account from Philadelphia or somewhere on 16th July this year!
Out of curiosity, how do you know who logs onto your account? :confused:

Posted from TSR Mobile
0
Chlorophile
  • Study Helper
Badges: 20
Rep:
?
#28
Report Thread starter 4 years ago
#28
(Original post by karmacrunch)
Out of curiosity, how do you know who logs onto your account? :confused:

Posted from TSR Mobile
Got a friendly email from Gmail telling me that someone logged into my account from China and was this me?
0
Chlorophile
  • Study Helper
Badges: 20
Rep:
?
#29
Report Thread starter 4 years ago
#29
It's also a weird account to steal. I don't do anything with that email and nothing seems to have actually been done with it by my visitors. I've changed the password, reset my iPod and will probably reset my Phone if I work out how to.
0
fnatic NateDestiel
Badges: 16
Rep:
?
#30
Report 4 years ago
#30
plot twist OP clicked on pron ad.

Oh OP!

but srsly it is phishing.
0
mfaxford
Badges: 1
Rep:
?
#31
Report 4 years ago
#31
(Original post by Chlorophile)
Got a friendly email from Gmail telling me that someone logged into my account from China and was this me?
Are you sure it was really gmail than emailed you telling you someone logged into your account from China. I get lots of emails like that from Barclays, Lloyds etc saying something dodgy happened to my account and I don't even have accounts with them! There's lots of scams going around saying something bad has happened and to follow a link to confirm details. Generally those links lead to a bad persons site and pretend to be something else so they can get your account details.
0
Chlorophile
  • Study Helper
Badges: 20
Rep:
?
#32
Report Thread starter 4 years ago
#32
(Original post by mfaxford)
Are you sure it was really gmail than emailed you telling you someone logged into your account from China. I get lots of emails like that from Barclays, Lloyds etc saying something dodgy happened to my account and I don't even have accounts with them! There's lots of scams going around saying something bad has happened and to follow a link to confirm details. Generally those links lead to a bad persons site and pretend to be something else so they can get your account details.
No, it definitely was Google. Firstly, following the reset link did actually reset my password, secondly, it was from a [email protected] and thirdly, the log-in attempt is visible on my account's security history accessible from inside my account. But thanks for the idea!
0
Mad Vlad
Badges: 18
Rep:
?
#33
Report 4 years ago
#33
(Original post by TVIO)
Most criminals are not advanced computer forensics experts. It's certainly not that easy to retrieve old documents if they were relatively recently.
Most criminals don't write their own malware either, but the malware writers they buy their malware off are pretty familiar with techniques used to analyse and mitigate malware threats.
0
Mad Vlad
Badges: 18
Rep:
?
#34
Report 4 years ago
#34
(Original post by Chlorophile)
It's also a weird account to steal. I don't do anything with that email and nothing seems to have actually been done with it by my visitors. I've changed the password, reset my iPod and will probably reset my Phone if I work out how to.
Email accounts are never weird to steal. They're more valuable to a black hat than your online banking details.
0
Mad Vlad
Badges: 18
Rep:
?
#35
Report 4 years ago
#35
(Original post by Chlorophile)
So somebody apparently just logged into my gmail account from China which made me wonder, how do people actually hack into accounts like email accounts? Because I know that there's no way anybody could have simply guessed my password and given that gmail locks down accounts after a number of incorrect attempts, it couldn't have been done by repeatedly trying random combinations. So how do they do it?
Usually weak passwords or keyloggers.
0
karmacrunch
  • Study Helper
Badges: 21
Rep:
?
#36
Report 4 years ago
#36
(Original post by Chlorophile)
Got a friendly email from Gmail telling me that someone logged into my account from China and was this me?
Oh wow. O_o Do you know if other email providers do that too?

Wait, was that email sent to the email in question? What if the person (who logged into your account) had completely taken over your account by changing your password? Sorry for the masses of questions.
0
Chlorophile
  • Study Helper
Badges: 20
Rep:
?
#37
Report Thread starter 4 years ago
#37
(Original post by karmacrunch)
Oh wow. O_o Do you know if other email providers do that too?

Wait, was that email sent to the email in question? What if the person (who logged into your account) had completely taken over your account by changing your password? Sorry for the masses of questions.
That email was sent to the email in question and my backup email address. Whoever tried to log in was blocked by gmail, fortunately. Password was not changed by them.
0
VannR
Badges: 19
Rep:
?
#38
Report 4 years ago
#38
Go and ask this on www.hackforums.net. You'll find out all kinds of new things, trust me
0
yo radical one
Badges: 3
Rep:
?
#39
Report 4 years ago
#39
Keylogger?

When it comes to hacking, it's usually because the coding was bad and you spotted something the programmers didn't rather than some kind of genius method which works for everything.
0
tombayes
  • Study Helper
Badges: 12
Rep:
?
#40
Report 4 years ago
#40
(Original post by Chlorophile)
No, it definitely was Google. Firstly, following the reset link did actually reset my password, secondly, it was from a [email protected] and thirdly, the log-in attempt is visible on my account's security history accessible from inside my account. But thanks for the idea!
that email address is definitely not google. They don't use addresses like that.

Also, it would be very bad practice to have a password reset link inside the email.

Change your password now.
0
X
new posts
Latest
My Feed

See more of what you like on
The Student Room

You can personalise what you see on TSR. Tell us a little about yourself to get started.

Personalise

Have you registered to vote?

Yes! (551)
37.84%
No - but I will (114)
7.83%
No - I don't want to (102)
7.01%
No - I can't vote (<18, not in UK, etc) (689)
47.32%

Watched Threads

View All
Latest
My Feed

See more of what you like on
The Student Room

You can personalise what you see on TSR. Tell us a little about yourself to get started.

Personalise