|
Title: MY android Phone was compromised Need some Suggestion . Post by: aakashkumar on January 29, 2014, 12:09:11 PM :o :o
Today(29.01.2014) 1:31 PM a someone (37.221.173.228) hacked my Gmail account and he recovered BTC-e and Cryptsy Passwords. I think he stole my gmail Password from My New android Phone (No antivirus installed on this Phone, I installed few apps and game from playstore, amazon and some blogs) http://s28.postimg.org/s7xufn2fh/ADDDDD.png hacker ip details : 37.221.173.228 Voxility 68.191.222.227 I didn't enable 2-step verification factor authentication on this account because all linked accounts (btc-e,cryptsy and Gox) are inactive(0$) :) as per my knowledge i he got nothing for hacking me , so am planning to Give some Reward ;D For Him (37.221.173.228,68.191.222.227 ) if he contact me. http://s30.postimg.org/6qw8j56w1/ADDD.png am new to android please give some suggestion about android security Title: Re: MY android Phone was compromised Need some Suggestion . Post by: dashingriddler on January 29, 2014, 01:21:08 PM When i was accessing my gmail from another country, it sent some code to my phone and wanted me to confirm it before it could let me login. there was of course an option if i did not have the phone which i think it would ask answers for some personal info and security questions. strange it did not happen on ur gmail account.
Title: Re: MY android Phone was compromised Need some Suggestion . Post by: aakashkumar on January 29, 2014, 01:35:28 PM When i was accessing my gmail from another country, it sent some code to my phone and wanted me to confirm it before it could let me login. there was of course an option if i did not have the phone which i think it would ask answers for some personal info and security questions. strange it did not happen on ur gmail account. i use few gm accounts . one is for General use other account for financial use . I enabled 2-step authentication on all other gmail (financial) accounts except this one. i thought android device was safe, but Its Not . from Now where i never trust android device . Title: Re: MY android Phone was compromised Need some Suggestion . Post by: dashingriddler on January 29, 2014, 01:40:27 PM you doubt it would be android phone but you can never be sure. there are hundreds of millions if not billions those use android phone.
i frankly dont think an app can really steal your gmail password. i believe it will be encrypted on your phone. possible that app acted like a key-logger. Title: Re: MY android Phone was compromised Need some Suggestion . Post by: dishwara on January 29, 2014, 02:30:22 PM Never install app outside google play.
Always avoid app which comes with .app extension, outside google play Title: Re: MY android Phone was compromised Need some Suggestion . Post by: Benson Samuel on January 29, 2014, 06:21:06 PM :o :o Today(29.01.2014) 1:31 PM a someone (37.221.173.228) hacked my Gmail account and he recovered BTC-e and Cryptsy Passwords. I think he stole my gmail Password from My New android Phone (No antivirus installed on this Phone, I installed few apps and game from playstore, amazon and some blogs) http://s28.postimg.org/s7xufn2fh/ADDDDD.png (http://s28.postimg.org/s7xufn2fh/ADDDDD.png) hacker ip details : 37.221.173.228 Voxility 68.191.222.227 I didn't enable 2-step verification factor authentication on this account because all linked accounts (btc-e,cryptsy and Gox) are inactive(0$) :) as per my knowledge i he got nothing for hacking me , so am planning to Give some Reward ;D For Him (37.221.173.228,68.191.222.227 ) if he contact me. http://s30.postimg.org/6qw8j56w1/ADDD.png (http://s30.postimg.org/6qw8j56w1/ADDD.png) am new to android please give some suggestion about android security Have you used the same username and pass on any other Bitcoin related service? Title: Re: MY android Phone was compromised Need some Suggestion . Post by: subvolatil on January 29, 2014, 06:43:49 PM :o :o Today(29.01.2014) 1:31 PM a someone (37.221.173.228) hacked my Gmail account and he recovered BTC-e and Cryptsy Passwords. I think he stole my gmail Password from My New android Phone (No antivirus installed on this Phone, I installed few apps and game from playstore, amazon and some blogs) http://s28.postimg.org/s7xufn2fh/ADDDDD.png (http://s28.postimg.org/s7xufn2fh/ADDDDD.png) hacker ip details : 37.221.173.228 Voxility 68.191.222.227 I didn't enable 2-step verification factor authentication on this account because all linked accounts (btc-e,cryptsy and Gox) are inactive(0$) :) as per my knowledge i he got nothing for hacking me , so am planning to Give some Reward ;D For Him (37.221.173.228,68.191.222.227 ) if he contact me. http://s30.postimg.org/6qw8j56w1/ADDD.png (http://s30.postimg.org/6qw8j56w1/ADDD.png) am new to android please give some suggestion about android security Have you used the same username and pass on any other Bitcoin related service? guys you should always have a security practice of having three email accounts. one personal(Only the most trusted people get's it, and have it secured using two factor), one commercial(Banking, Bitcoin and financial services), general(This you give it out to the world, download apps and access from a unsecured connection). your account is hacked Which brings me to say this again. please use two factor on all your Bitcoin trading accounts. buy a Yubikey from here. https://store.yubico.com/store/catalog/index.php?cPath=2 (https://store.yubico.com/store/catalog/index.php?cPath=2) I will write up a tutorial on a security plan you can implement for your online account later today, hopefully i will get some time to do this. Title: Re: MY android Phone was compromised Need some Suggestion . Post by: aakashkumar on January 30, 2014, 12:38:16 AM When i was accessing my gmail from another country, it sent some code to my phone and wanted me to confirm it before it could let me login. there was of course an option if i did not have the phone which i think it would ask answers for some personal info and security questions. strange it did not happen on ur gmail account. Android is Good . but i made mistake while installing apps Never install app outside google play. Always avoid app which comes with .app extension, outside google play Got it . Have you used the same username and pass on any other Bitcoin related service? No. I made a mistake here " some android games and apps asked permission to access maill account and i blindly allowed them to access to my mail . :-X . guys you should always have a security practice of having three email accounts. one personal(Only the most trusted people get's it, and have it secured using two factor), one commercial(Banking, Bitcoin and financial services), general(This you give it out to the world, download apps and access from a unsecured connection). They Got my general email so ,From nowhere its also going under 2-step authentication.Title: Re: MY android Phone was compromised Need some Suggestion . Post by: dashingriddler on January 30, 2014, 08:58:12 AM I still dont think an app that have permission to access gmail app will be able to even know your gmail password.
One possibility is, they can use forgot passoword on cryptsy and then make tht app read the password u would get to your email and access your cryptsy account. But your screenshots say they have logged into your gmail account as well from a diff ip address. So if it is true that an app that have access to gmail app can really read the gmail password then it is a serious flaw. Title: Re: MY android Phone was compromised Need some Suggestion . Post by: Amitabh S on January 30, 2014, 09:14:13 AM OP please answer few questions.
1. do you use same gmail password on another site? (not necessarily cryptsy or BTC-e) 2. do you use 2 factor authentication for google? 3. did you recently create an "app specific password" for your google account? 4. what app did you install recently? did any of them request access to your email? 5. Look at the time of login, and see which app you might have installed at that time or which sites you visited. Hackers won't waste a lot of time so its likely it was close to the time you saw the login. |
