Wife's Gmail account cracked

[Phage]

We've changed passwords on all the accounts, and multiple different AV scans show nothing. Any ideas on anything I may have missed ?
Wipe and re-install ?

[kalniel]

We've changed passwords on all the accounts, and multiple different AV scans show nothing. Any ideas on anything I may have missed ?
Wipe and re-install ?

Browser cache/cookies. Consider adding some form of click jacking/clear frame protection via script stoppers/anti-phishing tools to the browser. Which DNS provider? Consider moving to google or openDNS. Check wi-fi/router security.

Is the account accessed on any other machines/devices? Mobile devices are quite bad for security as they'll often store logged-in cookies.

[Phage]

Using NoScript already on latest FF.
Router is on WPA2
DNs eh ? It's the standard for the ISP. I'll have a look when I get home.

EDIT: Yes - on her Android. Unlikely that's been cracked I would have thought. I know Andoid is full of holes, but without physical access, how would it get broken ?

[jimbouk]

Has she got any apps which she logs into google services with? They could easily be using her login once they have it.

[kalniel]

Using NoScript already on latest FF.
Router is on WPA2
DNs eh ? It's the standard for the ISP. I'll have a look when I get home.

EDIT: Yes - on her Android. Unlikely that's been cracked I would have thought. I know Andoid is full of holes, but without physical access, how would it get broken ?

Mobiles are often set up to auto connect to free wi-fi spots. Hacker only needs to use the same SSID as a free spot and your MID will connect to it, exchange packets, and if queried correctly, give up login cookies for things like facebook. No physical access required. I would have thought gmail is more secure than that, but could be wrong.

http://www.bbc.co.uk/blogs/thereport...king_wifi.html

[Phage]

Yes - this is the firesheep 'man-in-the-middle' atack ?
As she works in a rural area I had turned off the WiFi to save battery time. Also all Gmail is cinfigured to be SSl from the start now.

[Phage]

Has she got any apps which she logs into google services with? They could easily be using her login once they have it.

Just the usual - Gmail, Facebook etc.

[ArtAddiction]

Weak password?

I'd also recommend change passwords to other accounts associated to Gmail, i.e. Hexus, Amazon, that may have the same password.

My brother had his gmail account hacked a long time ago, not sure how it happened, it just did, although he couldn't access it via web, he will still logged in via a email program & managed to rescue the account.

[Phage]

Password was non-dictionary. Possibly too short at 6 characters though.
No sign of underhanded activities, but then all the other accounts have different passwords. Financial ones were very strong.