Warning to all Gmail users: Gmail can be hacked and hijacked. It happened to me.

But it gets worse, much worse. The “Gmail security Team” responded with such overwhelming incompetence as to make the original attack mild by comparison.

As background, I am a very experienced techie, who has always practiced safe and secure online habits. I was also a fan of Google/Gmail – I understood the bounds of what they seemed to offer and I was trusting of their claim to “make money without doing evil”. Sadly, they have become that which they once despised.

A quick version of what happened is this; like many Gmail users, I was setup to have all new emails forwarded to my primary email account. One morning I noticed an email that had been forwarded to people I didn’t know – from my Gmail account! In a panic I realized that the email that was forwarded contained a stray piece of information from which some banking details could be garnered. Over the next few minutes I looked on in dismay as I started receiving emails confirming my “new” “e-gold” accounts and my attempts to purchase foreign gold!

Seeking assistance with how to stop this crime in progress, I decided to try contacting my “friends” at Gmail whose focus it is to “provide the best user experience possible”. Amazingly, this is when the true nightmare began.

Not only did the Gmail/Google staff respond in a robotic and unhelpful manner, but after confirming the attack, all of my original emails and data were completely eliminated by the “Gmail Team”. That’s right – all of the personal and business data that was entrusted to Gmail has was simply eliminated. Even worse, Gmail made no indication of where the data went, who removed it and why, and who had access to it during their “investigation”.
Please understand, I was a true Google believer. In fact I had encouraged many friends to open a Gmail account. I was even considering installing the new Google desktop search tool on the day of the attack!
Gmail’s response to all of this has been wildly unethical and dangerous. It is very disheartening, but Google seems to have become that which they once despised.

If you know of any living breathing human at Gmail, who can even begin to explain this, please let me know. I really don’t think a “they have too many users to keep track of” justification can cut it. This is a serious problem – that has hurt real people. At any other large corporation or institution you can always eventually find someone who takes responsibility. Should we really trust our lives to something as faceless and non-responsive as Gmail? The V.P. in charge of Gmail is Jonathan Rosenberg, so I have used his contact info in my preliminary filing with the NWIC/FBI and the IFCC.

Please contact me with any information, experiences, or suggestions. I would be happy to provide you with as much corroborating documentation as you would like. I am just a regular guy going about his business and trying to lead an honest life – I won’t be the last one to have a piece of his security and trust squashed by this emerging monolith.
jeemail@walla.com

I get what your saying, but I might comment a couple things.

Google is still Beta, is it not? And Beta means nobody is responsible for anything, use at your own risk. And about everybody who releases beta software has a "your own risk" clause somewhere. However, I'm not 100% sure Gmail is still beta.

Regardless, it's disheartening. And on the other hand, it's just a mail service, not unlike the 10,000 other mail services out there, every one of them vulnerable to attack in some way.

Lesson to be learned:
Use Gmail strictly for any non-important stuff. I scale them (Gmail) on the same level as that utter piece of crap Hotmail.
I keep NO contacts on my Gmail and delete whatever is no longer needed.
Who needs 2GB or more for email? That's plain ridiculous!

For anything private/important/confidential I use a reliable email-provider.
It's www.utvinternet.com (AKA www.u.tv), and I can use it via webmail or POP3.
Best of all, it's free!
Six years now and I still have to receive my first spam!

http://mail.google.com/mail/help/terms_of_use.html Everyone sigining up to Gmail reads this and agrees. So did you (the agree part anyway) so stop whining.

BTW jee mail, I would be very interested in more details about your experience. Was it a bad password you picked that anyone could guess? Or maybe spoofed mail addresses? Or was it indeed a gaping hole in Gmail security that noone has heard about?

And I have to agree with RBS. If you want a "personal" service where a soft-voiced support person will help you through everything then a giant worldwide corporation is not the way to go.

Clarification: Gmail may delete all of your emails without explination

First off - to Vigilante, thanks for pointing out the duplicate. I apologize and removed it.
Yes, Gmail is still technically in Beta, although of course on 8/25 it opened to the public (with the new cell phone number requirement). So it does have a kind of "own risk" clause, I was totally aware of that. But, they also have a "Do no Evil" corporate policy. They make a small number of people obscenely rich, and their domination of the market places them in a position well beyond "10,000 other mail services". They have genuine muscle, and will likely influence the future of the internet. Pretty sad that they would use "beta" as an excuse for anything - I bet the auto and tobacco companies wish they could just claim their products were beta!
I never did, and never will, question email's essential vulnerability. This case was a good example of how even a careful user might get hit with some bad luck (I even shred my paper documents!). I guess my main point was not clear. I don't have a gripe with my account being hacked - it happens. I have a serious issue with how mighty Gmail responded and made the problem even worse.
Maybe an analogy would help.
Imagine you call the police to report a small item was clearly stolen from your home. You don't expect to get it back, but you at least want the police to know, so that they might be better equipped to protect your neighbors. Instead of the police showing up, however, a robot comes to your door. Without explanation, the robot proceeds to remove every object from your house.
I am still can't really believe this happened - and I really think that people should know about. The tech types will be fine. Maybe I am naive, but I am really most concerned with the grandmas and newbie's who were swayed by Gmail's famous "never throw an email away" mantra. Does Gmail make it clear that even a minor support issue could result in their 2 gb's of data being deleted with no explanation?

RealBlackStuff - Great points - and I will check out that provider. Incidentally, although vigilant, I am human. Of course, I assumed I kept important data off of Gmail. It looks like these (probably Indonesian) hackers were able to pull enough info of an old scan of some travel documents to attempt their (unsuccessful) theft.

Nodsu - I respect your right to defend a "giant worldwide corporation", and your docile acceptance of the forked-tongue legalese found in "terms of use" statements. At least somebody out there champions the right of a company to operate unethically - simply by waving the magic "terms of use" wand. Of course, this same "terms of use" (that every one so thoughtfully considers before clicking) states that Gmail/Google will: "detect, prevent, or otherwise address fraud, security or technical issues ... respond to user support requests ... (and) protect the rights, property or safety of Google, its users and the public". Whatever... I really don't care about the verbal skill of Gmail's new corporate lawyers.

As for the details you asked about. My password was good - I don't think anybody would even try to guess it. As I said, the account didn't really have much in it anyway - mostly just experiments with storing photos etc., nothing of real value that a pro would want. I would guess that it just got cracked incidentally by someone running random brute force attacks. I don't think it was spoofed because it was a relatively minor account that did not appear in many databases.
I don't think it was a "gaping hole" in Gmail security. I think it was probably just an amateur hack. I just found it troubling that Gmail's only recourse was to simply delete my entire store of data. I would have at least liked to know if they even fully deleted it, and who had access to it, and if they forwarded other emails from it.
Even though you champion Gmail's lack of accountability on this issue, I would like you to perhaps offer me some information as well. If you have heard of cases in which Gmail, or even other providers, engaged in this same practice - please forward me the details. I apologize if the "minor service issue = complete deletion of all emails" policy is as prevalent as you imply.
I do not need "soft-voiced" support, or whatever it is you are talking about. Someone like me, or you, or any of the people who responded to this will be fine. I am more concerned about people who don't understand this area as well.

If any of you have ideas as to how I might more effectively approach this matter, please let me know. I am aware that my initial post was not Shakespeare - but I sincerely respect your advice and experience.

Champion? Maybe you would like to read my post again..

"Gmail is a fraud - No security or Support" is a severe overreaction. The fact that you stumbled upon a clueless tech support intern (or something similar) does not make the GMail service insecure or unsupported. So you got shafted.. s*** happens. Google has hundreds of millions of users - what are the odds that all of them will be happy ever after?

BTW, you doing almost anything in our world makes some rich bastard even richer and there is nothing you will or can do about it.

jee mail.

You may be interested in this article relating to Gmail and Google; might account for some recent anomalies. Hasn't Google a base in Dublin, Ireland and if they have is it connected with their Gmail?

http://www.freelanceuk.com/1416.shtml

Regards

PFJ

Lack of decent one-on-one support is not uncommon for ANY world-wide corporation. A sucky experience with tech support? Everybody has a story to tell.

I am most dissapointed that they deleted all your data. This doesn't make any technical sense at all, and doesn't seem like it would "fix" any sort of issue. The only thing I can guess is that they don't create themselves access to your account to check your mail for nasties. So their only choice is deleting it all. But that can't be, due to laws that can allow the government to get your mail.
The other thing is that "something", screwed up your account so bad, they couldn't put it back together and just had to delete the whole thing and start over?

Here is sort of an oxymoron to throw out there. It's generally known that most "hackers" are not interrested in the "little guy", there's nothing in it. This may be why some no-name services churn along just fine with narry a problem. BUT on the other hand, the constant attacks on the big guys, always forces them to upgrade and make their system more robust and hack-proof. So which would you trust more? The one under constant attack with a, hopefully, rock solid setup; or the little guy that everybody just ignores, but could be easily hacked if there was reason?

Surely if somebody is good enough to hack right into Gmail, or hack Microsoft or a government page, they could take down any no-name service out there with their eyes closed.

I guess it just comes down to, in this digital age where all your data floats in lala land, nothing is 100% safe.

How to fight GMail fraud....

Jee Mail, I really hate to hear what you have gone through but let me share with you my personal security plan. See what happened was, you were victimized by your own credit rating, not GMail. See, me? Never paid a bill in my life and look at me now! puke:
To avoid having credit cards opened up in your name, just simply ruin your credit rating thusly voila! No credit company will touch you! How is that for a solution? :unch:

Nodsu - The title of my post was severe. It was obviously an attempt to get noticed and generate some responses. From these responses, I feel that a more specific and less lengthy recap will be better if I post again somewhere.
The idea that losing every single one of your emails without explanation is not “insecure” is ridiculous. Ask anyone who uses this board, and they will tell you that most big email providers are minimally secure at best. I did not even argue with the fact that Gmail is insecure – I really just wanted to warn people about the destruction of an entire email database.
In regards to support, I also find it odd that you would deny the following equation:
No genuine support = unsupported
Once again, it is strange that you give an example of non-support, i.e. the “clueless tech support intern”, as proof that Gmail is not “unsupported”. Honestly, I would truly like to hear your personal experiences with Gmail, and examples of how they provided you with excellent support.
I am also not intimidated by “rich bastards”. I have even met a few. And know a few. Guess what. They can be taken down like any other man. They only maintain their power when there are enough docile people who feel that “there is nothing you can do about it”.

Vigilante,
Thanks for the insightful ideas. I think the both of your hypothesis make sense. They may have simply blocked all access to any email prior to the hacking event – as a way of at least trying to stop further potential intrusions. I should really explore the idea that the database was simply blocked and not truly permanently deleted. That would still technically keep the emails available to authorities per their terms of use. It would be nice of course that a “human” at Gmail would provide a logical explanation. Also, why couldn’t my old emails simply be made available in an account with a new password?
I think it is more likely that this is flaw in Gmail’s security and that they have done it before. They probably gamble that since these hacking events are probably rare to begin with, simply deleting the whole lot is a safe way to go. And they also gamble that when this happens to someone they will simply roll-over or blame themselves.
Oh well. Again, no argument here about the need for thick skin in dealing with this stuff. The bottom line, however, is that I am very tenacious about this particular event. I really won’t stop until I either A} have an actual human describe what happened and clarify the policy, or B} warn every person I can that this “Mystery Gmail Deletion Policy” is lurking out there…
Great points about security, by the way.

Ok Devin, Enjoy your new position as chairman of the Federal Reserve!...

So you admit being a troll signing up to forums only to start flamewars (you may prefer the word "discussion"). Your name says it anyway.

Ok so if I get hit by a bird dropping I have the right to proclaim all birds dangerous and warn everyone that birds are evil. I will also tell everyone that any person saying that birds are cute and useful that they actually lie.

OK, so if it happens to you then it happens to everyone and is an universal truth, you being the thing that every service is measured against. S**t happens, the fact that it happened to you once doesn't make everything s**t.

Oh please do tell how we can take down the economy of the whole world.

"Often, a person will post a sincere message about which they are emotionally sensitive. Skillful trolls know that an easy way to upset them is to disingenuously claim that the person is a "troll"." - wow, what a great definition from a well regarded article regarding the origin of the phrase "trolls". This seems to imply that you are in fact a "skillful troll". Congratulations. The concept is new to me, but I am impressed by your skill. It must seem odd to you that I have discussed my experiences on several other forums, with the result being a calm and insightful interaction. How odd of me to engage in such a charade when my hidden agenda is to agitate "nodsu". Sorry if I can't get excited about your name. Yeah, my name sounds like Gmail - in a post about Gmail - I guess that really was a concern to you and I apologize.

Based on the ratio of birds to humans, one could estimate that at least several thousand people have birds dropping on them on any given day. That would mean that you believe that the fact that Gmail will delete all of your emails in certain situations is a common everyday occurrence for a vast number of people. I believe it is not. I have yet to find more than one other person that it has happened to. I respond quite well to common everyday inconveniences. However, were a bird to drop a large gold brick upon my head, I might react in a different manner. This would be what is called an anomaly. If a very unique, unexplained event occurs, one has the right to seek further information around it. The "birds are evil" remark, while colorful, is simply a poor example of the "straw man" rhetorical technique. (In case you don't know' this technique is when you present the opponent's argument in weakened form, refute it, and pretend that the original has been refuted.) I elucidated a logical concern regarding Gmail's security and policies - therefore all email is evil? Did I say that computers worship the devil too?
BTW, I do in fact think that many birds are cute. But I do not think they are as useful as you seem to feel.

As you probably have figured out by now, this is more use of the straw man. I also do not put so much faith in common phrases like "s**t happens". It might look god on a t-shirt, but sometimes the real world requires a more nuanced response.

uh, straw man? I pointed out that rich people are only human. Therefore I can take down the world's economy...? easy now...

Enough ranting here.
Sue them if you like.
Thread closed.