Gmail - “Your Password Has Neen Stolen”

[eddie1261]

3 hours ago, Dutch_12078 said:

Passwords are not "stored as asterisks", rather they are simply displayed as asterisks. The login database typically stores an encrypted version of the actual password, although in many years of systems administration/analysis and penetration testing, I've seen plenty that store them as plain text as well.

Okay. It is masked with asterisks. 

The initial topic was people being emailed allegedly by google saying their password has been stolen. Not gonna happen.

[Dutch_12078]

Agreed... And the asterisks or bullets are often easily unmasked with freely available software.

[Al F]

12 hours ago, Chalkie said:

I am a long time Gmail user, in fact I have had a gmail account since they first became available. I have accessed the account through Outlook (when I was working) or just the Gmail web app or android app on my cell. I have never seen a message that says my password was stolen no matter what city, state, or for that matter, country, I have been in. 

I do use 2-step login procedures, and would highly encourage everyone to do the same. Once a device is logged in I have the option to tell Google to never ask on that device again. So even if I have to log in again, Google has a record of the device (I believe this to be a combo of MAC address and OS serial) and therefore I do not have to go through the 2-step process again. 

I have to ask the OP, how often do you run anti-malware software? It certainly sounds like you might possibly have some malware in play. 

Again, this is an issue with "Thunderbird" and Gmail, I believe.  If you don't use Thunderbird you probably won't see the issue. 

 

[Al F]

Although I have read some details about why Gmail considers Thunderbird a less than secure application, I don't remember the details. 

I believe most of the issues stem from the fact we have to configure Gmail to allow this less than secure application long in to Gmail.

[Al F]

Here is what needs to be changed in Gmail to allow Thunderbird to logon to Gmail. The info below is copied from the Sign-in & Security section under My Account in Gmail.

 

Quote

Allowing less secure apps to access your account

Google may block sign-in attempts from some apps or devices that do not use modern security standards. Since these apps and devices are easier to break into, blocking them helps keep your account safe.

Some examples of apps that do not support the latest security standards include:

• The Mail app on your iPhone or iPad with version 6 or below
• The Mail app on your Windows phone preceding the 8.1 release
• Some Desktop mail clients like Microsoft Outlook and Mozilla Thunderbird

Change account access for less secure apps

To help keep G Suite users' accounts secure, we may block less secure apps from accessing G Suite accounts. As a G Suite user, you will see a "Password incorrect" error when trying to sign in. If this is the case, you have two options:

• Option 1: Upgrade to a more secure app that uses the most up to date security measures. All Google products, like Gmail, use the latest security measures.
• Option 2: Change your settings to allow less secure apps to access your account. We don't recommend this option because it might make it easier for someone to break into your account. If you want to allow access anyway, follow these steps:
  1. Go to the "Less secure apps" section in My Account.
  2. Next to "Access for less secure apps," select Turn on. (Note to G Suite users: This setting is hidden if your administrator has locked less secure app account access.)

If you still can't sign in to your account, the "password incorrect" error might be caused by a different reason.

 

[Al F]

Gee, I don't know where anyone would get the idea that when I said "Gmail knows your password" that I meant a human, as in customer support, could see my password. 

The Gmail application has to know, as in store my password somewhere, to be able verify the password I logon with is valid.

[Chalkie]

3 hours ago, Al F said:

Again, this is an issue with "Thunderbird" and Gmail, I believe.  If you don't use Thunderbird you probably won't see the issue. 

 

Fair enough. Since I am not a Thunderbird user normally I will put this to the test. We are getting ready to do a little traveling so I will load Thunderbird and give it a try to see if it gives the same results. 

 

[Aggie79-82a]

23 hours ago, Devilishjim said:

I thought Thunderbird was something you drank ?

It is.

 

[eddie1261]

Again I ask, does anybody have a copy in their trash or inbox of an email that says "Your password has been stolen". I am quite eager to see that. If you have it, I can show you how to see the headers, which will contain information as to who really sent it. My whole point of even entering this thread that I really don't care about is from the perspective of a retired IT professional who at times wore  the hat of email administrator. Those message headers will have information that allows me to track it back to where it originated. I am not a betting man bet I'd bet you a beer vs a Wendy's iced tea that it did NOT come from Google. And email server is nothing more than a computer that verifies logins and it has no cognitive power to draw a conclusion like "stolen". As far as all the nitpicking about this app and that app, however you reach gmail, it is still webmail at the core, an IMAP mail system. Web interface or mail client, it is still webmail. 

So, does anybody have an email that said "Your password was stolen"? The curious geek inside of me is dying to see it. I have used gmail for at least a decade and I have NEVER seen or heard of that.

[Biker56]

I use Gmail and Thunderbird on my desktop & laptop and have that same thing happen to me many times while traveling in the summer.
It also happens with my iPad & iPhone .

And if I use a VPN also triggers Gmail to ask me to check my account log in.
VPN will show up on Gmail that I tried to log in many states away from my present winter location.

[Al F]

17 hours ago, eddie1261 said:

Again I ask, does anybody have a copy in their trash or inbox of an email that says "Your password has been stolen". I am quite eager to see that. If you have it, I can show you how to see the headers, which will contain information as to who really sent it. My whole point of even entering this thread that I really don't care about is from the perspective of a retired IT professional who at times wore  the hat of email administrator. Those message headers will have information that allows me to track it back to where it originated. I am not a betting man bet I'd bet you a beer vs a Wendy's iced tea that it did NOT come from Google. And email server is nothing more than a computer that verifies logins and it has no cognitive power to draw a conclusion like "stolen". As far as all the nitpicking about this app and that app, however you reach gmail, it is still webmail at the core, an IMAP mail system. Web interface or mail client, it is still webmail. 

So, does anybody have an email that said "Your password was stolen"? The curious geek inside of me is dying to see it. I have used gmail for at least a decade and I have NEVER seen or heard of that.

This is about the first quarter of the "Source".  Is this what you wanted?  Do you need the rest?

Quote

From - Sat Sep 16 06:43:53 2017
X-Account-Key: account6
X-UIDL: GmailId15e87ceef77d1bec
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Delivered-To: xxxxxxxx@gmail.com
Received: by 10.157.27.200 with SMTP id v8csp1220565otv;
        Fri, 15 Sep 2017 16:10:39 -0700 (PDT)
X-Received: by 10.107.16.157 with SMTP id 29mr11025831ioq.196.1505517039364;
        Fri, 15 Sep 2017 16:10:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1505517039; cv=none;
        d=google.com; s=arc-20160816;
        b=ZX+Fb5/PusrsRBSEXBDaJxYViKQsN2BCRGhiGM33qQ74CxIK4NEcKVKj2YGptV+rex
         Xr5SBhnAfi+2lKep1qiR4rWwdT3ztTlAJoVuQwoxXQL7SqEqmcDJh9/xfwaogFzBQV7z
         wDg05LxhJmH79mkE1w3fGDl56ekFL4mdPL2s5mcNgo2bfEwRidWSNlgkORwmWj6S132n
         LvQhXmcLvSlhJdlNlxPtuasZF4wbszphMxhhzSqS+h2I6vRuNU5/aucypMspUox8ZoAd
         9wzqIGtSACYydNJw874otkmIUT8oIbkn5QZ1xiLdg6rheFW2ExzFI6GbfvrNfS9W6Kam
         uAUw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=to:from:subject:message-id:feedback-id:date:mime-version
         :dkim-signature:arc-authentication-results;
        bh=HzcSDZeuxD3zWZvLeNKxJIKRf5JuBf+a5arc0l8g+0w=;
        b=GkIVgKBb3GgDAitnCrHj8p4S7KYRYoXn49b3B/OhKv69Iqyn1Cxe6agILlRv366zrO
         LXiLYy7buIoPpTMWtYCcMEsYmRutf8JZNjiyf3ebihDrip/BHb4w85Ed+ConmlJ1vP4n
         SCTh/a/XIOWzJgpuQRyAnwWNNO+qUi/pXEc86trSucqbNRacDC2OgBPAfgRogpdb0SlN
         FfqlSo+Cwf1UvQo/dEmPlf/6wie2iwpG03XWtQT9rDJU4Dqx60bgh1XuF0dVkCDvE9b2
         PIaE8rum44Jp0axuFufO4wxFONvOotozJQKFw68Xe6GB4X1kdYyqdAVApZ4DZXAj6VRX
         +IQA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@accounts.google.com header.s=20161025 header.b=bwzxI5WA;
       spf=pass (google.com: domain of 37l28wqgtcg8ab-ercylnppbhagf.tbbtyr.pbznypnonertznvy.pbz@gaia.bounces.google.com designates 209.85.220.69 as permitted sender) smtp.mailfrom=37l28WQgTCG8ab-eRcYlNPPbhagf.TbbTYR.PbZNYpnoneRTZNVY.PbZ@gaia.bounces.google.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=accounts.google.com
Return-Path: <37l28WQgTCG8ab-eRcYlNPPbhagf.TbbTYR.PbZNYpnoneRTZNVY.PbZ@gaia.bounces.google.com>
Received: from mail-sor-f69.google.com (mail-sor-f69.google.com. [209.85.220.69])
        by mx.google.com with SMTPS id v199sor195411itc.92.2017.09.15.16.10.38
        for <xxxxxxx@gmail.com>
        (Google Transport Security);
        Fri, 15 Sep 2017 16:10:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of 37l28wqgtcg8ab-ercylnppbhagf.tbbtyr.pbznypnonertznvy.pbz@gaia.bounces.google.com designates 209.85.220.69 as permitted sender) client-ip=209.85.220.69;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@accounts.google.com header.s=20161025 header.b=bwzxI5WA;
       spf=pass (google.com: domain of 37l28wqgtcg8ab-ercylnppbhagf.tbbtyr.pbznypnonertznvy.pbz@gaia.bounces.google.com designates 209.85.220.69 as permitted sender) smtp.mailfrom=37l28WQgTCG8ab-eRcYlNPPbhagf.TbbTYR.PbZNYpnoneRTZNVY.PbZ@gaia.bounces.google.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=accounts.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=accounts.google.com; s=20161025;
        h=mime-version:date:feedback-id:message-id:subject:from:to;
        bh=HzcSDZeuxD3zWZvLeNKxJIKRf5JuBf+a5arc0l8g+0w=;
        b=bwzxI5WAn9MvAvAnalzWZCmf6299Do8w0i+apktRNJbhLq4QWRSS0OGvvML/JEvtdL
         W/qW04Wnzf4D8LNKw4iwe+OvtJ41e0oJnKNQY0XxiIbsuYrErnNgMHPCMWduS6kTaPqY
         Ql0eJPE7Ogq74tbcnZlKwEZVzk4eT9mBDYFj1djqQYApV+TDLIuVQQWIrxtm3/5Brasx
         WEuFpIauapUGOBAg19ENLUI0bkaidfIxZeSrrBVqiu15mEngcRXnGPLeTLE+vtv0TFxP
         aJGIV7Hu5AMXx8+qWDYWBQbEMVbDmKfxE9EJkDp5kGs/5tRnXc8tdlklGjJnvVBM7Ogu
         038Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:date:feedback-id:message-id:subject
         :from:to;
        bh=HzcSDZeuxD3zWZvLeNKxJIKRf5JuBf+a5arc0l8g+0w=;
        b=e7pSqwfFnNBtqH0y+eLRJ3y+Fw4q81Y5OqNUqtQZ4dxMzwkSYqf5srbTwTl0mrA0+6
         1qz0vefTkU8V2vnz3jSKsNgrjN3s5aqLyYMxWiBuFb3ND44UeUKpnyomzb+a7jUVAV6y
         S02CmlzmQDex6oYfrjgMtteqiBjAMZbgOKFLVRfGTYJ3nl7x7jy9liE+JJgIc9U0jMUD
         NrERkAQcFn6BqqhPoe0O8nNil8iuzQwJEO773yblgDOFCLGEZsvyKqm6n+1+cIoQlhqR
         COTEFpFgzVsODDr4UEYNp7o1ucQweuFIq9LekRESgE87pjyyVeGFn6I+0238T0ayPWiV
         i4xQ==

 

[SWharton]

We have used Gmail with  Thunderbird for many, many years. Now we have our own hotspot and use that all the time but previously we would use the cg wifi. Unless we caused it we have never had logon problems with Gmail via Thunderbird so I don't think that is the problem.

If anyone is interested I can PM screenshots of my settings in Tbird to you.