Quite some time ago I awoke to an inbox full of messages from friends, associates and family (everyone in my Gmail address book) asking why I thought they’d be interested in purchasing “cheap good goods from convenient service import site”. My Gmail account had been hacked – I even had an auto-responder set up – also advertising the same site.
After panicking, then changing my password, I did a little research. It seems that it is possible for some sites to access Gmail accounts if one browses to said malicious site with Gmail open in a different tab.
The oracle, from Revelations From An Unwashed Brain, gives a very informative description of the problem here: Gmail Accounts Hacked – Unpatched Hole Exists.
So how to avoid this? Never open Gmail in a tab – run it in a separate browser. If using Ubuntu, one could use Gmail in Epiphany, and browse the rest of The Internet with Firefox.
Even better, use Thunderbird with Gmail & IMAP.
You’ve been warned.