Can Google accounts really get hacked?

[Deleted member 386356]

Long story short, i pissed off some guy by unfriending one of his buddies due to misbehaviour, and now he is threatening to hack my Steam, Deviantart, Google and YouTube accounts for doing so.

Now obviously, i dont fall for petty and ridiculous threats like these, however this person seems rather serious. He posted my personal info, which included my home address and full name (which he may have got from GoDaddy, but still). I was also told rumors by certain server members that this person had sucessfully hacked youtube channels, such as Onision and minor minecraft kiddies. Finally he was sucessfully able to send me screenshots of private conversations between my friends (which may as well have been shared).

I know i shouldnt fall for these threats, but having autism gives me a high level of superstition, thus makes me worried throughout the whole day, thus in wondering if it is actually possible for Google accounts to get hacked (im asking mainly for google since thats what im worried about the most).

 

[CeeDee]

Best option would be to change your passwords and don't reuse any.

 

[Beerus]

name pls

 

[bennyman123abc]

YouTube accounts are Google accounts so, yes.

 

[gnmmarechal]

I mean, technically... Possibly. On the other hand, I very much doubt he can do any of that. whois information is simple to obtain and doesn't show any skills he might have other than googling. Don't worry about him. Report him, block him, don't care.

 

[Deleted User]

I was also told rumors by certain server members that this person had sucessfully hacked youtube channels, such as Onision and minor minecraft kiddies.

I've been following all of the Onision drama for a while now, and I don't remember hearing anything about Onision being hacked, ever. Those are likely nothing more than rumours with nothing to back them up.

 

[bennyman123abc]

I've been following all of the Onision drama for a while now, and I don't remember hearing anything about Onision being hacked, ever. Those are likely nothing more than rumours with nothing to back them up.

His Twitter was hacked. Not his YouTube though.

 

[Lacius]

As mentioned above, as long as your passwords are complex, unable to be figured out by someone with knowledge of your life, and aren't reused on multiple sites, the odds of having one's Google account hacked are very small. If you're paranoid, setup two-factor authentication and require logins to be accepted by, for example, your phone. Do that, and the odds of a hack are vanishingly small.

Merely having a complex password that isn't the same as any other website's password should suffice, unless you're the victim of a phishing scam or a keylogger. In those cases, that's where the two-factor authentication comes in to protect you.

Edit: To be clear, all of your passwords to various websites should be entirely different. If one website's password database gets leaked, then it's not hard to apply that password to other accounts that belong to you.

 

[Deleted User]

His Twitter was hacked. Not his YouTube though.

Aye, that's what I meant. I'd heard about his Twitter account getting hacked but didn't think it was worth mentioning since YouTube was what was being talked about mainly.

 

[WiiUBricker]

Change your password and enable two factor authentication if you haven't already.

 

[Deleted member 386356]

Thanks for the help everyone, i already got the Authenticator app setup as well as a password with special characters, this should keep me safe.

 

[mgrev]

yeah. anything can be hacked if you have the dedication and equipment, however 2fa makes it way too fucking hard to bother with for most people.

 

[FAST6191]

however 2fa makes it way too fucking hard to bother with for most people.

It is easy enough, it is certainly part of the skiddy playbook these days, to ring a phone company up and get a sim reissued, especially if you have the sort of info the OP claims to have already had posted.

Doing it properly would mean you want a dedicated burner phone/sim for this sort of thing.

Equally you can do all this but all the security in the world does not help much if the base setup is compromised -- these sorts of people do enjoy their remote access tools (boring if you ask me but simple minds and all that) and go to some lengths to set them up. Mainly keep an eye on your startup programs. Likewise if you want to assume all computers they are likely to have touched are compromised (don't log in on a school/library/friend's machine) that is not a bad plan.

Screenshots between your friends and you. Any tells that they might be from your friend's account? You would do well to hack me, hacking some of my friends though is a different matter entirely and print screen will generate something similar looking to what you see on my machine. Copy and paste is even worse.

In a move that might almost be cutting off your nose to spite your face then many of the services listed will allow you to go private or suspend for ? days. If it is only a mighty skiddy acting on behalf of a friend over some boring drama then while bothering such things every few days gets to be a game, bashing your head against a wall that does not exist sees interest taper off.

 

[Pixelspass]

If you're paranoid, setup two-factor authentication

To be honest, DO THIS NOW with every account that supports this. It has nothing to do with being paranoid. Everyone should use 2FA!

 

[DarkIrata]

It is easy enough, it is certainly part of the skiddy playbook these days, to ring a phone company up and get a sim reissued, especially if you have the sort of info the OP claims to have already had posted.

Doing it properly would mean you want a dedicated burner phone/sim for this sort of thing.

I think what you mean is sms / call verfication.
2FA is device bound, not to your a number.

Just to clear things up

Edit: To be fair. 2FA is a thrown word like MicroServices or Cloud

 

[FAST6191]

I think what you mean is sms / call verfication.
2FA is device bound, not to your a number.

Outside of those RSA number generators you get given in various companies all the times I see two factor out in the wild it is SMS and call based, the SMS one being the one most go in for.

I agree it is not the whole range of choices but it does represent most of the ones I see in the wild.

 

[WiiUBricker]

Doing it properly would mean you want a dedicated burner phone/sim for this sort of thing.

That is good advice. Some phones have a dual-sim slot. One sim is your main one and the other is for security.

 

[Super.Nova]

Report him to the police and get on with your life.
You already have proof of threat if they were messages with names (for him and backstory).

I'd rather screw them legally before they bother me again.

 

[The Real Jdbye]

Long story short, i pissed off some guy by unfriending one of his buddies due to misbehaviour, and now he is threatening to hack my Steam, Deviantart, Google and YouTube accounts for doing so.

Now obviously, i dont fall for petty and ridiculous threats like these, however this person seems rather serious. He posted my personal info, which included my home address and full name (which he may have got from GoDaddy, but still). I was also told rumors by certain server members that this person had sucessfully hacked youtube channels, such as Onision and minor minecraft kiddies. Finally he was sucessfully able to send me screenshots of private conversations between my friends (which may as well have been shared).

I know i shouldnt fall for these threats, but having autism gives me a high level of superstition, thus makes me worried throughout the whole day, thus in wondering if it is actually possible for Google accounts to get hacked (im asking mainly for google since thats what im worried about the most).

Normally passwords aren't obtained from attacks targeted at certain people, they're obtained from huge database dumps from hacked websites which are either posted online or sold to the highest bidder.
The chances of someone being able to purposely "hack" into your accounts are slim, bruteforce attacks aren't really viable without knowing the hash unless you use a common password, as most sites nowadays temporarily block your IP after only a few tries, nevermind that bruteforcing that way is a very slow process to begin with. The only way they could get the hash would be by hacking the website. That leaves social engineering (which is easily avoidable by not being an idiot) and someone actually hacking into your PC or getting physical access to it. The latter being easily preventable, and the former can be mostly avoided by keeping your PC, AV, browser and browser addons up to date as well as anything that can access or be accessed from the network.

 

[mgrev]

Outside of those RSA number generators you get given in various companies all the times I see two factor out in the wild it is SMS and call based, the SMS one being the one most go in for.

I agree it is not the whole range of choices but it does represent most of the ones I see in the wild.

What about 2fa like the google auth app?