Helping people with computers... one answer at a time.

It's not surprising to have an email account hack after your computer is stolen. There are several ways the hackers could have gained access.

I had a Macbook Air that runs OSX version 10.6.8. The computer was stolen last week and unfortunately I didn't have iCloud or another app that I could use to track it. Interestingly, my email was hacked a few days later. Although my username was saved on my browser, my password was not. All the people in my address book received an email from me with no subject and only one line link in the body. I already read your article, "Why am I getting or sending an email that only contains spam from my contacts?" and I've been following your suggested steps. I changed my password and my password recovery settings and I checked my other Gmail settings like forwarding, signature and so forth. However, I believe my case is somewhat unique because I don't have my original computer anymore so I can't follow other suggested steps such as installing a firewall or checking for viruses. If there's a relationship between my computer being stolen and my email being hacked, I'd like to know what all I can do to protect my account in the future.

In this excerpt from Answercast #94 I look at the repercussions of having your computer stolen - one of which is easy access to your email.

Email account hack after computer is stolen

Well, you've certainly everything you possibly can right now to protect your account. That is, like you said;

  • Change your password;

  • Change your recovery information.

That makes sure that the person who stole computer, the person who hacked your account, no longer has access to it.

Computer was stolen

I personally believe that it is simply too coincidental that the hack happened immediately after your computer was stolen. So I do believe that the two are related.

Exactly how they're related, I honestly can't say. It is possible that your password actually was saved somewhere. Perhaps in your browser's password cache. It is possible then that the hacker could access that.

Easy access to mail account

One thought that comes to mind is, if at the time your computer was stolen you were logged into your email account, well; it's very possible that the hacker didn't have to login at all. It's very possible all they had to was open the browser; go to Gmail or wherever your email account happens to be and start sending spam.

Prevent email hacks

It's difficult to come up with a nice blanket recommendation for exactly how to prevent this in the future. Obviously, don't let your computer get stolen is one of them - but the reality is that computers do get stolen.

That's why it's important, I think, that when you are traveling, when you are in a situation when your computer's at risk, you don't use things like standby, you actually shut it down.

You may want to password protect this installation. You might even consider using things like LastPass or other types of encryption technology to encrypt the sensitive data that's kept on your machine - and never, ever, ever, ever let a browser remember your password because those password caches are often very easily hacked into.

(Transcript lightly edited for readability.)

Article C6313 - February 17, 2013 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

3 Comments
Billy Bob
February 18, 2013 4:44 PM

This does appear to be too much coincidence to dismiss. But, how much overlap can there be between these extremely disparate classes of criminals: the thief of opportunity at some local coffee shop or library, and the link spammer? And, how much cooperation would there be between the two? I can't help but doubt that some ruffian who snatched an unattended computer would have any incentive to use an email access for spam purposes.

On the other hand, I *would* change all those online banking and paypal passwords. If I had a stolen computer and a mind to exploit it, those are the websites I would be checking out, not email services.

NL_Derek
February 19, 2013 9:50 AM

On your stolen PC the spammer can easily see your address book, and your mail address. So he simply spoofs the "From" field; which is easy.

Change your passwords, and be alert for anything unusual in the coming weeks.

bedlamb
February 20, 2013 9:27 AM

Leo mentioned that the password might be found in the browser cache. I'd add that it can also be found in the swap-file.
Erasing the swap-file every time you shut down seems like unnecessary overkill. What I've done a couple times when traveling, is to use the bios password.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.