Originally Posted by
nerd
So if a dictionary attack was not the mechanism, what was?
You're in IT and maybe can explain these things better. Would it mean that someone was intercepting traffic somewhere and watching your login credentials fly by? Or someone was able to access your account info from a leak on Google's end?
Could be a bunch of things. Key logger, perhaps. Or a brute force attack, which could work against a shorter, simpler password. It's possible but doubtful that someone broke into a server at Google and stole an encrypted password file for a bunch of users. It's probably not likely that someone sniffed the packets at login, since Google encrypts signon by default. But it may be possible that the OP wasn't using an SSL connection for the entire mail session (just the login), which let someone sniff the session cookies and log in as him.