Hello, So Woke up this morning to check my gmail account. To my surprise gmail popped up a message to inform me I had unauthorized access to my gmail account in the early hours of the morning. With shock and anxiety, I went into details to check what IP address had accessed my email. I found the following IP address's had accessed my account; Unknown ceruleanstudios.com:74.201.34.142 Jul 13 (1 day ago) Unknown ceruleanstudios.com:74.201.34.105 2:51 am (19 hours ago) Now I used the Web IM version of the software that morning, which I have never done before. Please remember these unauthorized requests have been made hours upon hours after. Can anyone tell me if they have had this issue? I use there windows software but never had this issue before? Is it time to change passwords, or is this an automated bot, But why wouldn't it use the gmail API like it usually does?
Trillian supports email. If you don't want it checking your email, disable it (obviously you had to enter your login/password).
Here is the thing, I've used trillian for years, its never flagged them before? is this a manual login? or automated, but if automated wouldn't it use the API? Therefore providing no flag in my inbox? Is it time to change passwords, or is this an automated bot, But why wouldn't it use the gmail API like it usually does?
Well first of all, there is no Gmail API. Secondly, it wasn't logged in through the browser (it shows unknown)... What does strike me as strange though is why they would bother running the email requests through their servers instead of your computer.
Hey Shaun, I believe they now have a gmail API; http://code.google.com/apis/gmail/docs/ not sure how long its been around. It's fairly uneasing actually, as trillian has accessed my mail to show email headers on my desktop for years, so I know when I've got a new email. This has never happend before. However if they are harvesting or manually checking my email, this is extremely bad. I have customer server logins, logins to financial institutions - as a programmer my gmail account is my life and I'm seriously considering taking an hour or two out to change my passwords for everything, as daunting as it seems. In regards to there being no user agent, they can very easily blank this or spoof it, using an equivalent curl user agent function. I've posted this post and a link to here on the cerulean studios forum, I would very much like those guys to respond to this. http://forums.ceruleanstudios.com/showthread.php?p=813462#post813462 Otherwise... who's got another IM client?
Well I meant Gmail doesn't have a "traditional" API they have POP3, SMTP and IMAP access, but I don't really consider that an API, just a protocol.
yeh true, but if your running your code on google apps, it allows you to send and receive XML responses for Email Settings, creating labels, creating filters, updating signature, language settings and more. No doubt this will be public soon.