How can a hacker get into an e-mail without knowing my password?

Wicks

Estimable
Apr 2, 2014
10
0
4,560
Hello everybody!
May i ask, how can somebody get into my e-mail and Guild Wars 2 account (btw it is a Hungarian mail provider - indamail.hu) without knowing my password? I found my Guild Wars 2 password recovery mails open, when i wasn't logged in. They got into my GW2 account as well, but they haven't changed any of my passwords. I changed my passwords, but they can still get in, they can still log in to both my e-mail and GW2 account, without recovering or changing my passwords.Of course, after this, i checked my computer with 2 anti virus/malware software, they found nothing. My other game accounts and e-mail haven't been compromised, so i guess they got into their servers. But how?, and what can i do about it?

p.s.: i wrote mail to both company about it, still waiting for answers.

Thanks, Peter.
 

IRyannHD

Estimable
Mar 3, 2014
21
0
4,570
They may be able to access from your internet by passing through the firewall. There are also programs that brute force the password. Basically it will try every possible password combination, it can take time but eventually it can get passwords. There are probably more ways but I'm not sure about any more.
 

Hjgrove

Honorable
Dec 8, 2013
52
0
10,590
There tends to be a few ways a hacker can get into accounts.
1. You created a account on a "Doggy" website that's the same passwords as the email and gw2 account and you also entered the email onto the website, giving them full access.
2. Your computer has been hacked and is running a remote desktop connection in the background and the hacker is watching everything you do (Least likely)
3. The hacker has hacked into your email server and located the files to some passwords to some emails, and has then entered your email.
4. A company you trust (A website you use e.t.c) has sold your password and email to a person who is therefore using it.
 

Wicks

Estimable
Apr 2, 2014
10
0
4,560
Thanks for the quick answer! But brute force, or alrdy used/sold password isn't the option, cause i changed my pass to a very hard one (16 letter, contain special ones too) and i haven't used it anywhere before. I don't know if they are watching me, cause i checked every running process, and ran some malware/virus search too.
 

Wicks

Estimable
Apr 2, 2014
10
0
4,560
And btw, why don't they change my password to deny me from recovering it?
1 more thing came into my mind, regarding this problem: i receive a GW2 password recovery like every day, they are all marked as "read", but i can still log in to both my e-mail and GW2, they don't use those recoverys to get a new pass.
 

Hjgrove

Honorable
Dec 8, 2013
52
0
10,590
If they are marked as "Read" then someone is definitely using your email account.
If I were you I would delete that email account.
Most hosts have a option to do so.
Copy any important data and emails and then for GW2 I would send them a email asking them too change the email registered to the account.
And P.S those recovery's is probably them trying to gain access to the GW2 account.
 

Wicks

Estimable
Apr 2, 2014
10
0
4,560
1. they already have access to the GW2 account, and i already wrote an e-mail to NCsoft, to change my login name and e-mail and such, so thats why i don't understand why they ask for password recovery and open those mails, but they don't change it, i can still access my GW2 account, but i see their IP too in there.
2. you said, they might have accessed my computer with remote access. Is there a way to see if this is the case? i checked every running process, and as i said i ran more than one search, but they found nothing.
 

IRyannHD

Estimable
Mar 3, 2014
21
0
4,570
disconnect your PC from the internet and disconnect your phone from your wifi, try changing the password on a phone network like 3g, this will stop any remote access from your pc and phone.
 

Hjgrove

Honorable
Dec 8, 2013
52
0
10,590
If you are worried about this and would like to stop this immediately I would do this:
Disconnect all devices from the Wi-Fi (Like IRyannHD said) then copy all important emails onto a word document so they are safe then I would delete all emails from the account that have sensitive data on it.
Next you can either leave the account or close the email down by speaking to the host/provider
Next (this is optional) if you are worried about the remote desktop client running in the background you can always copy data on the computer onto another computer and then do a "Clean" install (Its where you delete everything off the computer so its like a new computer) and then hacker will not be able to access the computer again.
 

Wicks

Estimable
Apr 2, 2014
10
0
4,560
I see, but there is one thing that i don't understand about them. Today i got 3 Guild Wars 2 password recovery e-mail, in a row. All opened up. I can still log in, no problem. So they just keep sending those password recovery e-mails, opening them, then leaving them. Don't know why ...
 

Hjgrove

Honorable
Dec 8, 2013
52
0
10,590
If I was a hacker (which im not) I would use those password recovery's to try and reset the password of your GW2 account.
But by the looks of it, he cant hack his way through your security questions to change your password.
Hope this helps! ;)