Someone out of country got my Google password(1P generated).Google denied them access. How?

Options
dmcbride210
dmcbride210
Community Member

So Google contacted me, said someone in Paris FRA(I'm in OH-USA) tried to log on using my password. Their access was denied.
So I generated a new Google password with password generator, but how can someone get or guess my original P1 generated 14-16 digit password in the first place? Is there anything else you can think of that i should be doing?
Thanks


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Someone out of country got my Google password(1P generated).Google denied them access.I regenerated but how can that happen w/1P?

Comments

  • danco
    danco
    Volunteer Moderator
    Options

    I'll leave AgileBits to answer if that is actually what happened.

    I'm not doubting you, just wondering whether that phone call was genuine or a scam (and whether some Google details were collected in some scam). I have had phone calls like that, not from Google, that were scams.

  • julie-tx
    julie-tx
    1Password Alumni
    Options

    As @danco mentioned, it is possible that this was a scam and the person was hoping to trick you into providing additional information.

    You mentioned that the attacker tried to login using your password, but their access was denied? Unless you have a 2FA mechanism enabled, they wouldn't be able to access your account without the correct password, which makes me question if they actually had your actual 1Password generated password.

    You asked how someone could guess your password. Anyone can attempt guess your password, though a strong, random, unique password generated by 1Password will be extraordinarily difficult to guess correctly. It is possible that someone had your email address and attempted to using any of the commonly-used passwords to break in. I would need more information to know if they'd actually obtained your password and were attempting to use your actual password, or if they were simply guessing and failed.

    There are a number of telephone call "Help Desk" scams at present, claiming to have information about a break-in or virus. As @danco mentioned, I've not received any of these fraudulent calls claiming to be from Google -- most claim to be from another software provider.

    I looked at your O/S version to see what additional advice I could provide, but you didn't provide one. In general, make sure that all of your software updates are current, and that you avoid malicious website and heed all browser warnings. One possible way to steal a password is for a site to pretend to be Google and for you to fill-in the sign-on form without verifying that you are actually logging in to the real Google website.

    Please feel free to provide more information and ask more questions.

  • Saluki
    Saluki
    Community Member
    Options

    I had the exact same problem. Google told me that someone had my password. They had logged in from another location in the USA other than mine. Once I change my passwords I could not get access to my Google account. After some discussions with them they determined that my account was hacked and malware was placed on my iMac. they recommended a company who specializes in removing such malware. After an expensive session with them the malware was removed.
    I got a similar notification from Google a few days later. The malware removal company could not find any problems. In my case I think the VPN service I am using triggers Google's alarms. I come in from a different IP and different location. I learned to wait a bit before I react to Google's messages on this subject.

    Saluki

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    In my case I think the VPN service I am using triggers Google's alarms. I come in from a different IP and different location.

    @Saluki: Yes! I was just about to ask that! More and more people are using VPNs these days, so this particularly confusing (if you're not thinking about it at the time) issue comes up frequently.

    It was my guess after reading your initial description, since it sounded like the login was successful. In that case, as a 1Password user, you're probably not refusing passwords, and with 2-step verification, someone would essentially have to have direct access to you to pull this off. So a login from another location would likely be an IP issue. I was once given an IP address by my ISP that was associated with Mexico for some reason. And using a VPN gets me all sorts of terrifying calls and emails. And when you get one of these, you're just that much less likely to be rational. :dizzy:

  • Saluki
    Saluki
    Community Member
    Options

    After thinking about this for awhile I am not sure they had my password. Google denied access because of the strange IP address and location not associated with my account. O don't know how they hacked my home IP address.

  • Saluki
    Saluki
    Community Member
    Options

    How do you refuse passwords? Do you somehow restrict the number of attempts that can be made? Can it be site specific?

    Thanks,

    Saluki

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @Saluki: You'd really have to ask Google what their login policies are. This is outside of the realm of 1Password I'm afraid. :blush:

This discussion has been closed.