Hello,
Yesterday I registered accounts on some online storage websites. On that same day’s afternoon, Google notified me about someone had has logged in using my Google account in US (clearly that’s not where I live). So I had to change password and perform a whole PC scan.
http://i.imgur.com/Yz9tQXt.jpg
What I did yesterday were:
- Register account at https://www.copy.com
- Register account at http://ozibox.com
- Register account at https://sensortower.com
- Register account at https://www.appannie.com
- Authorize website to access account at ballloon.com/
- Authorize website to access account at https://filestream.me
Also I logged into this site but I registered long time ago:
Only google account is exposed so far (at least as I know). The computer is clean. I highly doubt that the sensortower and appannie were the cause. I used the same password for all account unless the site didn’t allow it (stupid yes but this account is not my main account).
This is strange because if the hacker just tried the password from website to access to my Google account and accidentally succeeded then he had access to the account database of the site or he was the owner of the site himself.
If the hacker access my account using the Basic account info permission (View your email address - View your basic profile info). Then how was that possible? He only had my email address?!
No suspicious activity so far since I changed the password (I used the phone to change the password).
Can anyone try to replicate the attack with these sites. That would help many people from losing their accounts.