This morning I discovered that someone had gained unauthorized access to my Gmail account and disabled my two-factor authentication. When I checked the security settings, I found login activity from someone in the Philippines dating back about a year, which I never noticed before. The attacker sent out dozens of emails from my account before I could regain control. I immediately changed my password and re-enabled 2FA. I’m also seeing login attempts on my LinkedIn profile from the same geographic region, even though my LinkedIn has minimal information. My main concerns are: what additional security measures should I implement, and is there a risk that my personal information was included in those mass emails, or were they likely just spam/phishing messages sent to my contacts? I’m also wondering if the breach could be related to granting permissions to OBS software on my local machine.
Been through this myself a few years ago. If they disabled your 2FA, they had more than just your password - probably got into your recovery phone or email too. Check if they added backup recovery methods while they were in there. Google logs all account changes, so go through your security timeline and see what else they messed with. Since LinkedIn’s getting hit too, your email might be part of a bigger data breach from some service both accounts used. Those mass emails are just generic phishing templates - they wouldn’t waste time personalizing spam. What saved me was creating a separate Gmail for banking and important stuff, then slowly moving everything away from the compromised account.
Those mass emails were probably just generic spam - attackers don’t bother personalizing when they’re sending bulk messages. The year-long access is what’s really scary here. They likely set up multiple backdoors to keep control of your account, not just your password. Change your password and turn 2FA back on, but also revoke all active sessions in your Google settings. Check your account recovery options carefully - they might’ve added their own backup emails or phone numbers while they had access. The LinkedIn activity sounds like credential stuffing or you got caught in a bigger data breach. I’d enable Google’s advanced protection since you seem to be getting targeted more than usual.
Sounds like they grabbed your credentials from an old data breach and have been sitting on your account harvesting contacts. Check haveibeenpwned to see what breaches your email’s in - that might explain the Philippines connection if that’s where the breach data ended up being sold.
damn, that’s rough - a whole year without knowing is terrifying. check your gmail for any email forwarding rules the hackers might’ve set up. they love using those to keep spying even after you change passwords. you should probably get a new email for important accounts too since yours is definitely on every spam list now.
Same thing happened to my colleague last year. We found out the attackers had set up email delegation permissions - lets them access the account without triggering any login alerts. Check your Gmail settings under “Accounts and Import” to see if there’s delegate access you didn’t set up. They stayed hidden for a whole year, so they weren’t just blasting spam - they were being careful and methodical about it. Your OBS connection probably isn’t related since email hacks usually happen through stolen credentials or session hijacking. Those mass emails were likely just harvesting more contacts from your address book, not leaking your personal data. I’d turn on Gmail’s confidential mode for sensitive stuff and maybe create a separate Google account just for financial services.
The timing between your Gmail and LinkedIn getting hit isn’t random - someone’s been systematically going through your accounts, not just throwing spam at the wall. They had access for a year before going loud, which is what really worries me. Google lets you download entire account histories - emails, contacts, Drive files, everything. Check your Google Dashboard for any weird data exports or suspicious activity patterns. That year-long wait before the mass emails screams organized operation. They were either selling access to your account or using it in a botnet. Since you’re clearly being targeted, I’d enable Gmail’s Advanced Protection Program on top of the usual security stuff. Also check if they messed with your email signature or auto-reply settings - those could still have malicious links running.
The long timeline suggests a persistent threat aimed at maintaining access to your accounts. Disabling your 2FA likely indicates they compromised your recovery methods. Take a careful approach to secure your accounts. In addition to addressing the basic security measures, review any OAuth tokens or third-party app connections set up that could serve as ongoing access points. Utilize Google Takeout to analyze sent emails from the unauthorized timeframe to determine whether sensitive data was harvested or if your address was exploited for spam. The simultaneous LinkedIn activity raises red flags; your email could now be in spam databases, leading to legitimate correspondence being misclassified. Gradually transition to a new email for vital accounts while monitoring your old one for ongoing threats.
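One way to carry out the Takeout review of sent mail suggested in the reply above, as an added example that is not code from any poster in this thread. It assumes the Gmail export is an mbox file whose messages carry an `X-Gmail-Labels` header; the function names, the bulk threshold and the sample messages are constructed for illustration.

```python
import mailbox, re, tempfile
from collections import defaultdict
from datetime import datetime, timezone
from email.utils import getaddresses, parsedate_to_datetime
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def summarize_sent(mbox_path, start, end, bulk_threshold=3):
    """Group Sent messages dated in [start, end) by subject and flag bulk runs."""
    groups = defaultdict(lambda: {"count": 0, "rcpts": set(), "urls": set()})
    for msg in mailbox.mbox(mbox_path):
        # Assumption: labels are comma-separated in the X-Gmail-Labels header.
        labels = [x.strip() for x in str(msg.get("X-Gmail-Labels", "")).split(",")]
        if "Sent" not in labels:
            continue
        try:
            when = parsedate_to_datetime(msg["Date"])
        except (TypeError, ValueError):
            continue  # missing or unparsable Date header
        if when.tzinfo is None:  # treat naive timestamps as UTC
            when = when.replace(tzinfo=timezone.utc)
        if not (start <= when < end):
            continue
        g = groups[str(msg["Subject"] or "").strip()]
        g["count"] += 1
        hdrs = [str(h) for k in ("To", "Cc", "Bcc") for h in msg.get_all(k, [])]
        g["rcpts"].update(a.lower() for _, a in getaddresses(hdrs) if a)
        for part in msg.walk():
            if part.get_content_maintype() == "text":
                body = part.get_payload(decode=True) or b""
                g["urls"].update(URL_RE.findall(body.decode("utf-8", "replace")))
    return {s: {"count": g["count"], "recipients": len(g["rcpts"]),
                "urls": sorted(g["urls"]), "bulk": len(g["rcpts"]) >= bulk_threshold}
            for s, g in groups.items()}

def build_sample():
    """Write a constructed five-message mbox (not real data) and return its path."""
    rows = [("Sent", "02 Mar 2024 09:00:00 +0000", "a@x.test, b@x.test", "Shared document", "Open http://files.x.test/doc now"),
            ("Sent", "02 Mar 2024 09:01:00 +0000", "c@x.test", "Shared document", "Open http://files.x.test/doc now"),
            ("Sent", "05 Mar 2024 12:00:00 +0000", "friend@x.test", "Lunch", "See you at noon"),
            ("Inbox", "03 Mar 2024 08:00:00 +0000", "me@example.com", "Shared document", "received copy"),
            ("Sent", "10 Jan 2024 08:00:00 +0000", "d@x.test", "Old note", "before the window")]
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as f:
        for label, date, to, subj, body in rows:
            f.write(f"From - Thu Jan  1 00:00:00 1970\nX-Gmail-Labels: {label}\n"
                    f"Date: {date}\nFrom: me@example.com\nTo: {to}\nSubject: {subj}\n\n{body}\n\n")
    return f.name

if __name__ == "__main__":
    w = (datetime(2024, 3, 1, tzinfo=timezone.utc), datetime(2024, 4, 1, tzinfo=timezone.utc))
    print(summarize_sent(build_sample(), *w))
```

Point `summarize_sent` at the exported mbox and the dates of the unauthorized logins: subjects flagged `bulk` with the same link sent to many recipients look like templated spam, while one-off messages in that window are the ones to read in full.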
holy crap, philippines login for a year?? that’s insane you didn’t catch it sooner. i’d honestly nuke that whole google account at this point - export your data and start fresh. if they disabled 2fa, they probably compromised your phone number or recovery email too. check for weird apps with OAuth access to your google account - hackers love using those as backdoors.
A year-long breach is way more concerning than a simple password hack - this screams persistent compromise. With coordinated attacks hitting multiple platforms from the same region, you’re definitely being targeted, not just caught in some random attack. OBS probably isn’t the culprit here since email compromises usually happen through stolen credentials or hijacked sessions, not local software permissions. Those mass emails were likely generic spam blasts using your address to trick your contacts - attackers don’t usually include victims’ personal info in bulk campaigns since it kills their efficiency. You’ve covered the basics, but I’d run a full system scan, check for sneaky forwarding rules or filters in Gmail, and audit your Google account’s app permissions. Also see if they changed any recovery email addresses while they had access.