Gmail "Critical security alert" message, hacking attempt blocked (long post)

[ThinkingPumpkin]

Hey, guys. Let me apologize in forward for this being a long post, but since this never happened to me before I just want to make sure I give you all the details to find out how this happened and help secure my account even more.

 

Recently I've received this message informing me that my account had a sign-in attempt blocked. Of course, this wasn't me since I've gotten this message both on my phone and my Gmail at 05:00 AM while I was sleeping so it leads me to believe that there was some hacking attempt and not some auto-login mistake some website or device I use made.

 

I live in Europe and the sign-in attempt was from the United States as seen in the picture below:

 

Now I have gone through all the Security Checkup steps from the link provided by Google in the first picture (assuming <no-reply@accounts.google.com> was from Google and not some phishing attempt) , and I have also scanned my computer for any malware using both Microsoft Security Essentials and Malwarebytes Anti-Malware (separately, not at the same time) and nothing was found, so I assume I'm safe.

 

I never give my passwords of any account to anyone and I'm extremely careful about what sites I use and where I log in with my Gmail account, so I honestly don't know how this happened. Any files I download I either download from a trustworthy source (Java, Microsoft, Google, etc...) or scan immediately with my antivirus programs to make sure it's safe to open.

 

I only have one suspicion as to what might cause this, and that is the recent Meltdown/Spectre vulnerability.

 

I have an Intel i5 2500K (2nd-Gen, Sandy Bridge) and a Windows 7 Ultimate x64 with the vulnerability patches/updates disabled. Now I know that I shouldn't have done that and that I'm exposing my PC to the vulnerability, the reason I did that is because those updates cause severe performance issues in video games, which is what majority of my time I'm doing on my PC.

 

Last question before closing:

 

When someone tries to access your account like this, do they actually get blocked and unable to change to change the password and use the account for any means? I'm asking this because my account is connected to my bank account and Paypal and other contact emails, so I'm wondering if those accounts as well are in jeopardy.

 

I've also removed any account access from unnecessary apps and websites in Manage Apps

 

This will be all, I hope someone will be able to help me figure this out. Once again I apologize for the long post.

 

Thanks in forward.

[Mihle]

The spectre/meltdown patch does NOT cause severe performance loss in games. 

It does in spesific tasks tho, but that's not games.

 

Also, it's much more likely that that wasnt what caused it at all.

 

EDIT: Also, when Google notified you like that the person doing it have not gotten access. For they to get access you must accept that's it you with an already logged in device. I am quite sure.

[ThinkingPumpkin]

7 minutes ago, Mihle said:

The spectre/meltdown patch does NOT cause severe performance loss in games. 

It does in spesific tasks tho, but that's not games.

 

Also, it's much more likely that that wasnt what caused it at all.

 

EDIT: Also, when Google notified you like that the person doing it have not gotten access. For they to get access you must accept that's it you with an already logged in device. I am quite sure.

5

 

To be honest, I never bothered to benchmark my games with/without the Spectre/Meltdown patches, as I only read some of the users which posted that they have noticed that happening.

 

Also,

Quote

Also, when Google notified you like that the person doing it have not gotten access.

I'm not sure if this is correct, as in the picture above it says:

Quote

Someone just used your password to try to sign in to your account. Google blocked them, but you should check what happened.

 

[Mihle]

10 minutes ago, ThinkingPumpkin said:

 

To be honest, I never bothered to benchmark my games with/without the Spectre/Meltdown patches, as I only read some of the users which posted that they have noticed that happening.

 

Also,

I'm not sure if this is correct, as in the picture above it says:

 

whoever did it does have you password, but it does say that "Google blocked them" so it got blocked. Blocked usually means stopped for doing anything.

At least untill you log in on an already verdified device and press the button that is "yes this is me" (don't do that if it isn't you ofc).

 

And btw you should always have two factor authentication on important stuff. And your email is probably the most important thing.

[ThinkingPumpkin]

1 minute ago, Mihle said:

whoever did it does have you password, but it does say that "Google blocked them" so it got blocked. Blocked usually means stopped for doing anything.

At least untill you log in on an already verdified device and press the button that is "yes this is me" (don't do that if it isn't you ofc).

 

And btw you should always have two factor authentication on important stuff. And your email is probably the most important thing.

 

Yeah, I just enabled 2-FA, the problem is the source of the password leak. I'm not sure how they got it, seeing as how Malwarebytes can't detect anything, even a keylogger.

[Mihle]

Just now, ThinkingPumpkin said:

 

Yeah, I just enabled 2-FA, the problem is the source of the password leak. I'm not sure how they got it, seeing as how Malwarebytes can't detect anything, even a keylogger.

I am guessing you don't use the same password any other places?

 

I have no idea how they got it if it's the only place with the password.

(Except for malware/virus in browser or computer or using a fake login site, but I don't know how likely that is if you try to be careful and malwarebyte/windows defender(?) Finds nothing)

 

Btw I am in no way an expert, it's just what I think. So don't take what I write as 100% fact.

[.Apex.]

that IP is from Vultr, which is a VPS company, its a virtual machine that you remote control from somewhere else, so its possible that the one that "hacked" you is not from the USA (or it could be i have no idea), maybe someone you know? 

could also be a hacker that knows what he's doing

its also possible that this is Meltdown / Spectre related, so patch your damn system and dont worry about slowdowns, i have an old shitty 4 core AMD processor and Spectre Windows patches havent affected gaming at all, dont think Meltdown would either, dont forget to update your BIOS for the microcode patch (if there is any)

also you're using shit Anti-Virus and Anti-Malware programs..............
 

 

[ThinkingPumpkin]

5 minutes ago, syn2112 said:

that IP is from Vultr, which is a VPS company, its a virtual machine that you remote control from somewhere else, so its possible that the one that "hacked" you is not from the USA (or it could be i have no idea), maybe someone you know? 

could also be a hacker that knows what he's doing

its also possible that this is Meltdown / Spectre related, so patch your damn system and dont worry about slowdowns, i have an old shitty 4 core AMD processor and Spectre Windows patches havent affected gaming at all, dont think Meltdown would either, dont forget to update your BIOS for the microcode patch (if there is any)

also you're using shit Anti-Virus and Anti-Malware programs..............
 

 

 

Any reason why they're "shit" ? I've been using them for years and never had any problems.

 

EDIT: Also the guy you linked has a Windows 10, which the performance loss is minimal, wherein Windows 7 even Microsoft stated that the performance will be noticeable.

[.Apex.]

20 minutes ago, ThinkingPumpkin said:

 

Any reason why they're "shit" ? I've been using them for years and never had any problems.

because ive been using standard Anti-virus for a long time until one day i decided to use Microsoft Defender on Windows 10 because my PC felt alot more responsive using that, until not long after i got hit with a malware from Piratebay that started installing a bunch of programs and opening links and crap like that....... probably more than 10 programs installed until i disconnected my internet cable
and Windows Defender was like "everything is fine  youre protected" 

its good that youre using your computer responsibly, that was a mistake on my part i admit, but that doesnt mean that u wont ever get hit by a malware or a virus, Windows Defender barely detects anything is what im trying to say, its very weak, u wont know if its gonna protect you or not, until you realize youve been hacked etc..

MalwareBytes is good but it doesnt replace an Anti-Virus

im using Bitdefender now, bought it and im happy with it, no slow downs at all and its rock solid

also my desktop got filled with dll files and scripts etc etc... if windows defender is not gonna detect basic stuff like that then what is it gonna detect?

[ThinkingPumpkin]

6 minutes ago, syn2112 said:

because ive been using standard Anti-virus for a long time until one day i decided to use Microsoft Defender on Windows 10 because my PC felt alot more responsive using that, until not long after i got hit with a malware from Piratebay that started installing a bunch of programs and opening links and crap like that....... probably more than 10 programs installed until i disconnected my internet cable
and Windows Defender was like "everything is fine  youre protected" 

its good that youre using your computer responsibly, that was a mistake on my part i admit, but that doesnt mean that u wont ever get hit by a malware or a virus, Windows Defender barely detects anything is what im trying to say, its very weak, u wont know if its gonna protect you or not, until you realize youve been hacked etc..

MalwareBytes is good but it doesnt replace an Anti-Virus

im using Bitdefender now, bought it and im happy with it, no slow downs at all and its rock solid

also my desktop got filled with dll files and scripts etc etc... if windows defender is not gonna detect basic stuff like that then what is it gonna detect?

 

Well, I'm not sure how much different Microsoft Security Essentials and Windows Defender are, but if I would replace them, with what AV should I replace them with?

 

What's important to me is quality, and hopefully, they don't have a lot of useless crap like "WiFi Protection", "Gaming Mode" etc... like Avast did.

[.Apex.]

Just now, ThinkingPumpkin said:

 

Well, I'm not sure how much different Microsoft Security Essentials and Windows Defender are, but if I would replace them, with what AV should I replace them with?

 

What's important to me is quality, and hopefully, they don't have a lot of useless crap like "WiFi Protection", "Gaming Mode" etc... like Avast did.

Microsoft Security Essentials and Windows Defender are the same thing

and ugh i hate avast... even though in the early days it was the best anti virus i have ever used, but these days avast heavily slows down your system (atleast on windows 10 thats the case), and its filled with crap that nobody ever needs from an antivirus program, AVG is the same thing, i have used Avira but i didnt like the usability of it.. so far im really happy with Bitdefender, no bullshit involved and it just feels really solid to me, i really trust it, i also liked ESET

and i really recommend patching your system.. no matter the cost, if you value your privacy