Sunday, January 2, 2011

Gmail Account Security Breach - zorpia spam

Received spam
My son and I had an interesting security breach this morning with regards to  We detected this when all of his gmail contacts were spammed with email from "invitation at" on his behalf.  All of his contacts were spammed multiple times with the same email that was essentially trying to get the recipient to click on links that pointed towards  Let me explain how the events transpired:

Since my son is blocked from via OpenDNS I knew he did not have an account there. We discussed the issue and quickly realized some account of his was breached. At this point, all we knew was the zorpia spam was sent to me and my wife. Shortly thereafter, my son received a forwarded zorpia email from his grandfather asking about it.

email getting sent to his gmail contacts
At this point, we knew for sure it was something to do with his gmail account. Since his password was "tight" at 9+ characters including punctuation characters, it was hard to believe someone cracked his password, especially since it was used nowhere else. I asked him if he had recently used a friend's computer to access his gmail account and he had not. He did mention he brought his Mac over to his friend's house and they ran an "open" wifi network (shame on them). Since my son has a Mac, the open wifi did not raise immediate concerns. I have his Mac buttoned up with ssh key authorization only. We then ran a Norton scan on his Mac and it was clean. His USB sticks were also scanned and were clean. Home network scans on all home computers were also clean.

Firewall Check
My home network firewall (FreeBSD/IPFilter) is fully logged and very tight.  I ran some reports on the logs and nothing jumped out at me.  I actually put all log entries into mysql making searching through firewall data very easy.

Gmail Account Access Details
Lastly, I asked him to look at the bottom of his gmail page and check what IP addresses were used to access his account. I have a static IP address at home so there should really just be my public IP address listed since his Mac rarely leaves our house. To our shock, the account was being accessed from several addresses. I ran a few "whois" lookups and most IP addresses pointed to the Amazon cloud. However, some were starting to show up from Japan in near real time.

Gmail Account Breached for Sure
Obviously, at this point we knew his gmail account was breached.  We changed his password to a nice 13 character password with the standard upper/lower case letters, numbers, and punctuation.  Fortunately, gmail provides a way to sign out all other sessions (thank you google!).  At this point, the breach was closed.

Lastly, we monitored the IP addresses his gmail account was accessed from and it continued to just remain from my public IP.  We emailed his gmail contacts about the issue warning them not to click on any zorpia emails from him.
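
The check described above (every access should come from the one home static IP) can be scripted. This is an added example, not part of the original post; the addresses are documentation-range placeholders and the comma-separated rows are a constructed format, not something Gmail exports:

```python
import ipaddress
from datetime import datetime

# Assumption: the household's single static public address (RFC 5737 placeholder).
EXPECTED = [ipaddress.ip_network("203.0.113.25/32")]

# Constructed sample rows: access type, source IP, timestamp. Not real data,
# and not a format Gmail exports; imagine them typed in from the activity page.
SAMPLE = """\
Browser,203.0.113.25,2011-01-01T21:14:00
Browser,198.51.100.7,2011-01-02T03:02:00
IMAP,198.51.100.7,2011-01-02T03:05:00
Browser,192.0.2.140,2011-01-02T08:41:00
Browser,203.0.113.25,2011-01-02T09:10:00
Browser,not-an-ip,2011-01-02T09:12:00
"""

def unexpected_access(text, expected=EXPECTED):
    """Return ({ip: summary}, [unparsed line numbers]) for sources outside `expected`."""
    findings, unparsed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            kind, raw_ip, raw_ts = (f.strip() for f in line.split(","))
            ip = ipaddress.ip_address(raw_ip)
            when = datetime.fromisoformat(raw_ts)
        except ValueError:
            # Keep malformed rows visible instead of silently treating them as fine.
            unparsed.append(lineno)
            continue
        if any(ip in net for net in expected):
            continue
        entry = findings.setdefault(
            str(ip), {"count": 0, "first": when, "last": when, "types": set()})
        entry["count"] += 1
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
        entry["types"].add(kind)
    return findings, unparsed

if __name__ == "__main__":
    findings, unparsed = unexpected_access(SAMPLE)
    for ip, e in sorted(findings.items(), key=lambda kv: kv[1]["first"]):
        print(f"{ip}: {e['count']} accesses via {sorted(e['types'])}, "
              f"{e['first']} to {e['last']}")
    if unparsed:
        print("rows needing manual review:", unparsed)
```

Any non-empty result is the cue for the response already described: change the password and sign out all other sessions, then re-run the check on later activity.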

Password Policies
This should remind all of us to:

  • Use passwords that contain upper/lower case letters, numbers, and punctuation.
  • I require my family to use fully random characters that do not spell anything.
  • Length of passwords, at least in my opinion, should be 14 characters long for all financial institutions.
  • Passwords can be shorter for sites with less security concerns, online forum perhaps.
  • Never use the same password anywhere.
  • Use some secure method to record your passwords.  There are several online services to help you manage them.  Some services use 3 way authentication which is what I require for my family.
  • Change passwords regularly which is easier to do using one of the online services.

In closing, it would be nice to think that the Internet is a friendly and useful place, and it certainly is. However, security should always be a concern. Hacking techniques constantly evolve and one needs to stay up to date on their computer/network security infrastructure.


  1. Zorpia has been exceptional working with me to understand, investigate, and resolve this account breach. Thanks Zorpia!

  2. The Zorpia Team supported me superbly investigating this incident. I cannot thank them enough.

    Upon complete investigation, the incident had nothing to do with Zorpia spam nor did Zorpia have anything to do with the gmail account breach. It was purely an incident of the lack of proper parental controls on a child's computer.

    As it turned out, OpenDNS was not blocking in my configuration and the Zorpia account was genuinely created from my public IP. Furthermore, the (Zorpia) user knowingly sent out Zorpia invitations from this gmail account.

    We do know, that the gmail account was breached and this was likely due to the lack of proper password management but I cannot be certain.

    Unfortunately, I did not have enough firewall logging to determine what PC accessed on my home network. An issue that is now corrected.

    This is a good lesson to learn all the facts before posting information. My apologies Zorpia.

    Most respectfully,
    John Clinton

  3. I am surprised at your apologies(!) to Zorpia! Zorpia is a spamming site who hacks your email address book and spams all your contacts. They are a fraudulent site, for all I know.

  4. Pardon the extended delay getting back to you mats. I based my apology on the best information I had at the time. Your comment may very well be true, but I cannot prove it.


  5. It is a spam website. I have received numerous emails from them and never signed up with them, but somehow they got my information. I have reported their emails as spam and still continue to get spam from them. I reported them to their domain provider today, which is If they cannot fix the issue I plan on starting a class action lawsuit against them. Doing a simple Google search for "Zorpia spam" will show that many people are dealing with unsolicited spam from this website. Just wondering if you had any suggestions as to how I can compile a list of other victims so that I can let them know about my actions and get as many people involved in this potential lawsuit so that we can get them shut down for good. Thanks.

    John Bishop

    1. John, our office manager's PC was apparently hacked somehow by Zorpia and now all of the folks in our company (from her address list) are receiving emails, "private messages" and "invitations" from her. This definitely is the result of Zorpia hacking in and stealing address lists, and then using them to expand their network of folks who have been hacked (getting THEIR address lists too). - Jim (Our website is so you can reach us that way.)

  6. Zorpia lied to you. They "supported" your investigation by feeding you false information about what they do.
    Spammers can concoct some very convincing "but it wasn't us" scenarios, and sites like Zorpia probably do that every day so they can get really good at it.

    The GMail breach was probably an OAuth enabled access (no password required); you need to check all affected Google accounts for enabled apps, and revoke access to the Zorpia one and/or any that you don't know and trust.

  7. How do I "check all affected Google accounts for enabled apps, and revoke access to the Zorpia one?"

  8. For each and every Google account (gmail or not):

    Log in.
    Click on the "Account" link at the top right.
    Click on "Security" in the left column.
    Click on the Edit button after "applications and sites".
    Log out.


  9. Zorpia is bad.
    I'm not sure what they get out of it, but they ask people to click on a link for a "secret message" - and that authorizes Zorpia to send spam to the entire address book of the unsuspecting user.

    I have six acquaintances so far who have accidentally invited me - and the invites keep coming.

  10. Wikipedia actually had a great writeup on Zorpia saying they are legit social networking but they break their own anti-spamming policies by hacking into others' accounts. Good info here, thanks!

  11. The bastards. They hacked me too. I have just 10 mins ago found yahoo congratulating me for "successfully sharing my Yahoo! information with" - WTF I have only just found out who they are.

  12. I got a spam email from Zorpia:

    "MyContactsAlias" left you a private message. Click on the button below to view it:

    There's a button that says [View private message]

    When you click the button you are prompted to login with your google account. I wonder if I was only prompted because I have 2 accounts and I was prompted to select one of the 2. I'm thinking maybe it does not even prompt you if you only have one account.

    "A third party service is requesting permission to access your Google Account.

    In order to authorize a third party service to access your account, you must sign in. "

    Google needs to add another layer of confirmation before a site accesses your contacts.

  13. Screw you crying bitches. Our company, Zorpia, cares only about hijacking your contacts so that we can make a profit dragging them to our sites. This is how it works. What more do you need to know?

  14. I had a row with my girlfriend about her zorpia profile. After calming down and analysing the situation, we noticed that her facebook details were automatically harvested. Her photo and details were on the zorpia website and she received dozens of emails each week. She never allowed for photos to be taken like this and more disturbingly, the zorpia app on facebook propagates like a virus going through the friends network. If the facebook app platform is set to ON, your information gets used. When switched off, zorpia does not take the information. Zorpia is using this to then activate the zorpia account so that it looks like my girlfriend was frequently on the site. Basically, zorpia makes lots of fictitious accounts by leeching on existing social networks, such as facebook and Google+. After that it keeps the site looking alive by periodically activating the profiles to seem to have an active user base. My girlfriend got the same "I added you.." email from one of her happily married friends who had no idea that her details were used on a website to attract men. All this happened in September 2013. Finally, and of the greatest importance, instead of logging into the account using one of the provided links (using existing facebook or google account), you can also just type in your email account (unclick the remember my details) and type your email password! Yes, zorpia also harvested the email username that was attached to facebook and the corresponding password of the email address (not necessarily the facebook password). This is an entire breach of privacy and the site is not a bona fide website, but instead uses social network sites to create a large "user base" to then get revenue from advertisers.

  15. zorpia is a scam website that took over my whole address book. It sends me weird emails

  16. I got an email alert from Zorpia that they had a private message for me from a friend I have not seen in quite a while. I was immediately suspicious and did not attempt to view the message or do anything but delete the email. Now my yahoo mail shows that friend's name superimposed over my own name and email address on all of my incoming mail. In addition, it looks at times as if my outgoing emails are being CC'd to my old friend. Weird...

    1. I got the same email today, and am going through my system and changing everything. Scanning all with McAfee. Never been to their site, nor any to associate with them. And I do not use Facebook, so that means they have hacked my information. Because I sure didn't put it out there for them to have, nor harvest. Put them on the block address lists on everything you have, especially your email live scanning anti-virus programs. Such as Norton, McAfee, etc. They all have the live email scan and option of blocked emails, or any contact from those sites, etc. If you don't then good luck.

  17. Thank god for this blog!

  18. My son got this last night. Opened an email from one of his friends who had fallen into the same trap. What then happens is it uses your authorizing its use of an account you have as an app (e.g. it becomes an app that you log into via your google or facebook). That gives it access to your friends or contacts and it starts to email them. And so it goes, spreading its roots through your network. What to do? (1) disable its access to the apps it is authorized to use, (2) change your passwords, (3) set up a filter to delete (or file away) any mail you get from Zorpian. And you will get plenty. And they make it hard for you to disable your Zorpian account because in order to access it, you have to give them access to the same asset they exploited in the first instance to start contacting your contacts. So don't do that!
