Mates, I’ve suffered a significant setback and could use some help learning from my mistakes. I lost access to several Google accounts in the past 2 weeks and could use some outside perspective. My setup is:
- Windows 10 host running VMware Workstation Pro 16.2.5
  - 1 Windows 7 guest VM
  - 1 Windows 10 guest VM
Each VM runs a VPN and each connects to the same server. Windows 7 is quite old, but was kept running because that’s the original OS that cookies were extracted from and eventually transferred into the VM.
The reason this is my setup is because my resources are limited. In the past 2 weeks, I lost access to 4 Google accounts on Windows 10 and 3 in Windows 7. I received the same message, which is “Google needs to verify it’s you…” After entering the password, I get notified it’s the wrong password and that it was changed X days ago. Bugger. It cannot be a coincidence that several accounts have their passwords changed. I logged into a recovery email of one target and saw an email from Google stating they noticed suspicious activity and have automatically logged that machine out. I suspect the other accounts received this message and changed their passwords accordingly.
I have so many questions now about cookie extraction, Google’s authentication practices, and so on, but I do not want to drag this post into oblivion so will stop. My purpose is to gain access again, but that may not be possible anymore.
Has anyone encountered this before? How should I proceed? I suspect I downloaded malware from a torrent and that alerted Google, but my brain is in the weeds right now trying to trace my steps.
Thanks mates for any advice and experience you can offer.
Olly