I guess my email got hacked

[updog]

I started getting some "delivery failure notifications" from a few email delivery subsystems that had a message attached to them, that had been sent from my email account. There was something written in seemingly chinese, and the messages were sent to multiple accounts that didn't exist.

I immediately changed my password, but kept getting these messages for the next few days. The enclosed message from my account had the same date as all of the previous messages though, so I think I might have stopped this shit by changing my password.

Anything else I should do now? I did notice my password was weak as fuck, it was just my birthdate but I changed the password to something much, much harder to guess.

 

[Notuern]

I would say that 99% of the time your email get hacked, its due to some kind of virus or some other kind of malicious software.. so i would scan it just for safety.
And yes, even if it is a Mac it could be either of the two.. its just less likely.
(You might have used your email on an infected computer too, but its always better to be safe.)

 

[updog]

I thought about that too... I'm going to scan ASAP

So if my account was hacked on some other computer, I'm safe after changing the password, provided my own computer is clean?

 

[Notuern]

I thought about that too... I'm going to scan ASAP

So if my account was hacked on some other computer, I'm safe after changing the password, provided my own computer is clean?

Yes, since you only used your old password you should be safe.
Its not impossible that you got hacked for real though.
If you are showing your birthdate and email publicly on your myspace, twitter or facebook, that might be how they did it(Brute-forcing using your public information.).

 

[EerieVon]

Is it attached to a domain name you own or a generic address like gmail or yahoo? If it is your domain it is possible the email address was spoofed and no breach of your security took place

 

[CarlBlomqvist]

It's even more likely that you regristered at some weird website with that email + your email password.

FYI, I use a special superweird password for my e-mail, that I only use for email.

 

[JBroll]

Don't underestimate the risk of a compromised password - especially if you log in away from home, have an easily-guessed password, or reuse names and passwords. Notuern is a bit high with that estimate - password-related idiocy is a serious problem and you should be careful not to reuse passwords with important systems.

Jeff

 

[Notuern]

True, still a majority of the cases where people have login information stolen it comes from malicious software.. but as i also mentioned, its not a good idea to use any piece of information about you that is easily accessible(Due to intelligent bruteforcing.).

Another pointer is to alternate between lower case and upper case, and if you have numbers involved its generally a good idea to use their special keys instead(7 = / etc.).
Example: fInsOpnmAy"==)
You are from Finland, you are nicking Sopulurn and you joined this forum in May 2009.. this information is easy for an intelligent bruteforcing tool to get, but it would take it ALLOT of time to get that one right due to the use of lower/upper case and special signs.. and its even harder(Almost impossible.) if you use information that you haven't put on the internet yet.