Recounting what happened yesterday regarding my hacked Paypal account, I realized that it was my GMail that was originally compromised and used to reset my Paypal password.
After realizing that, I went and changed my Google Account password and used their 2-Step Verification process.
To those who have been asking in the comments what the Google 2-Step Verification feature is and how to activate it, this video should give you the details:
I really don’t know how my GMail was compromised, but it could have happened in one of several ways:
- I’ve lost an iPhone 3G, a Nexus One and an iPhone 4 in the last 12 months, and it’s possible one of them has been sold on the grey market with my GMail account still logged in.
- Public terminal. I remember going to a net cafe last week to have my ID and passport scanned and emailed. I remember shutting down the browser but can’t remember whether I explicitly logged out.
- WiFi Sniffing. This is rare but still possible — my account could have been sniffed over free public WiFi. I even bring my SmartBro Share-It around and leave it without any password so others can use it too (I like to share my net connection). I’m now locking my WiFi.
- At least 3 of my staff also have access to my GMail account, so that’s a huge security hole as well. I trust them, but it’s possible they’re not very careful when they need to access my account online.
In any case, this has been a lesson for me and hopefully a reminder to everyone reading this as well. Go try the 2-step verification process so you have some peace of mind.