Question Me and my families emails got hacked

Status
Not open for further replies.

Kyozo

Prominent
Sep 29, 2021
34
4
535
Hello,

I will start this with some backstory of the event that happened. In the morning I powered on my PC and discord has automatically logged me out (I'm usually logged in automatically) and for my 5-6 years of using discord it has never logged me out. At first I thought nothing of it, later on I received an email from google that someone knows my password and I should change it, they said my password appeared in a non google data breach. This concerned me and also answered my question about my discord however although my email and discord emails are the same they do not share the same passwords. Overall I still didn't think too much of it, just a data breach, happens all the time now so i just changed my password and didn't think about it again. Later on in the day I discovered with conversations with my family that my mother, father and sister's email all had the same email from google that someone knows their password and should change it, also the email was sent near around the same time as each other. What worries me here is that this seems targeted, I mean obviously all our passwords are different, and the thing is that my email that was hacked is kind of a email I don't use, like I think I only signed up to discord and one other thing with it and that's it so I don't know where the data breach with my details are. Because even if it came from discord or the other website I used to register my email with, my other families members 100% haven't signed their emails to that service. This is all assuming that our details were involved in a non google data breach, since google told us this. Anyways, I just wrote this looking for answers, what happened, how could of this happened, is this a targeted attack against me and my family? I don't know why it would be, were not important or anything.

Some extra details, when i was trying to find a common link to come up with an explanation, the thing that connects our emails together is that my mothers email that got hacked has emailed my email that got hacked and she has also emailed all my other family members who's emails got hacked. But my email (the one that got hacked) the last time she emailed me was a very long time ago and she has since been emailing my main email(the one that hasn't been hacked) Although this theory has holes in it since it doesn't explain how they knew all our passwords since they are all different. (this is also assuming that this is in fact how they found our emails)

If you need any other details please ask, i want to get to the bottom of this.

Thanks.
 
I received an email from google that someone knows my password...
my mother, father and sister's email all had the same email from google
include what address this email(s) came from.
the actual sender may not have even been Google, just some third party using a name most may trust.

it's possible a data breach or hack occurred to someone in your circle and all of your accounts were targeted by this third party.

if this email included a link to click;
include any address these links would lead you to.
 
An additional bit of advice:
If you ever see an email requesting or suggesting a password change, that you yourself did not initiate from a website at that immediate moment, never click on any links in the email.
Always go to the provider directly and do any password management there.
 
  • Like
Reactions: dwd999

Kyozo

Prominent
Sep 29, 2021
34
4
535
An additional bit of advice:
If you ever see an email requesting or suggesting a password change, that you yourself did not initiate from a website at that immediate moment, never click on any links in the email.
Always go to the provider directly and do any password management there.
Yes I did, i didn't trust it so i logged in to gmail and when i tried to log in, it prompted me to change my password. Also in the recent events tab in mentioned my password was in a non google data breach.
 
  • Like
Reactions: Gam3r01

Kyozo

Prominent
Sep 29, 2021
34
4
535
include what address this email(s) came from.
the actual sender may not have even been Google, just some third party using a name most may trust.

it's possible a data breach or hack occurred to someone in your circle and all of your accounts were targeted by this third party.

if this email included a link to click;
include any address these links would lead you to.
<no-reply@accounts.google(dot)com> this email was the one sent to me

no other emails or addresses were included
 
https://support.google.com/mail/thr...ccounts-google-com-a-genuine-google-one?hl=en

However, if the email provided a link, don't trust it. Since you have access to your account by virtue of being in your inbox, you should change it through the account settings.

I want to say this has been fixed, but I remember like 15 years ago I figured out you can spoof the sender when sending the email out because there wasn't much in the way of security with POP commands.
 

Kyozo

Prominent
Sep 29, 2021
34
4
535
https://support.google.com/mail/thr...ccounts-google-com-a-genuine-google-one?hl=en

However, if the email provided a link, don't trust it. Since you have access to your account by virtue of being in your inbox, you should change it through the account settings.

I want to say this has been fixed, but I remember like 15 years ago I figured out you can spoof the sender when sending the email out because there wasn't much in the way of security with POP commands.
I didn't click any links in the email, I instead logged into gmail with the effect email and it prompted me to change my password. In the recent activity tab it said that my password was involved in a non google data breach.
 

Ralston18

Titan
Moderator
For the most part, my experience has been that "no-reply" emails are mostly just to provide information to the intended recipient.

It is the information itself that must be considered and acted upon.

Perhaps, for example, that email may have been informing you about the "non-google data breach". And letting you know what you should do as a result.

I.e., directly log into your account and change the password versus clicking links that may be within an email. As has been mentioned you do not want to click such links.

Companies use "no-reply" simply to prevent a deluge of emails from customers who are likely to reply with all sorts of questions and responses.

Especially when all that is necessary is for the customer to simply take some minor action: update account information, change a password, opt for 2FA, and so forth.

As I understand your post "I instead logged into gmail with the effect email and it prompted me to change my password. " you may have already taken the suggested action.
 

Kyozo

Prominent
Sep 29, 2021
34
4
535
For the most part, my experience has been that "no-reply" emails are mostly just to provide information to the intended recipient.

It is the information itself that must be considered and acted upon.

Perhaps, for example, that email may have been informing you about the "non-google data breach". And letting you know what you should do as a result.

I.e., directly log into your account and change the password versus clicking links that may be within an email. As has been mentioned you do not want to click such links.

Companies use "no-reply" simply to prevent a deluge of emails from customers who are likely to reply with all sorts of questions and responses.

Especially when all that is necessary is for the customer to simply take some minor action: update account information, change a password, opt for 2FA, and so forth.

As I understand your post "I instead logged into gmail with the effect email and it prompted me to change my password. " you may have already taken the suggested action.
Yeah I changed the password but its still just creepy to me that me and all my family email were hacked when our passwords are different and don't share any common signed with services or websites, so I was trying to get some explanations of how this could have happened. I just which google told us which website was involved in the data breach.
 
Yeah I changed the password but its still just creepy to me that me and all my family email were hacked when our passwords are different and don't share any common signed with services or websites, so I was trying to get some explanations of how this could have happened. I just which google told us which website was involved in the data breach.
Well, getting one of those "you should change your password" emails doesn't necessarily imply you've been hacked. It could be someone was trying to log into your account a number of times and the system flagged your account.

If it was hacked, then you should be able to find some sign of suspicious activity. The only time one of my emails got hacked, it was being used as a spam mail mule.
 

Ralston18

Titan
Moderator
Creepy but not unexpected.

You may not have common services, websites, and emails etc, but if someone "mass mailed" all the other family members then all of those addresses were likely in one email as direct recipients or cc:'s

I know an elderly person who frequently responds to any emails using Reply All and from time to time manages to forward some junk email to everyone else as well.

I get emails from an Aunt and I know she that she did not send the email. Her name is there but the address is some random @......

Delete such emails without opening.

And some that she did sent (as a Forward) I also delete unopened. I can see that she got them from someone else who she may or may not know.

Usually easy because I white list my address book. If the sender is not in my address book then the email goes to the junk folder.
 
Status
Not open for further replies.