Google released a small update yesterday that adds information about recent activity on your Gmail account to the bottom of the Gmail interface.
The new option in the Gmail interface
It also includes a link to further information, including details of IP addresses and methods that have recently been used to access your account. If anyone has accessed your mail in any way, it will be reported here.
Argh! What is that?!
I checked mine the minute it showed up in my inbox, and was shocked to see a bunch of IP addresses listed, when I hadn’t been anywhere near my computer in the last five hours.
In the screenshot, the blurred addresses marked with asterisks are my home computer’s IP address. But there are two addresses there that are listed as having accessed my account through IMAP and “Mobile” access.
I have to admit here that I freaked out for a second. I couldn’t think where or when anyone or anything could access my account. Two addresses - 220.127.116.11 and 18.104.22.168 had snuck into my account and peeked at my stuff!
Let me just say at this point that neither of the addresses I just listed are doing anything wrong. I freaked out for a second. I’m writing this post to help out anyone else who has unidentified addresses accessing their mail.
But lets not get carried away. Before I truly started freaking, I wracked my brains for any other computers I might have set up to access my account, or for any other service I could think that could be using my mail. At this point, nothing came to mind.
Working backwards from what information I had, I ran a “whois” on the addresses.
The address belongs to “SoftLayer Technologies Inc.”, and I have no idea who they are, but further down the page I get the last bit of information I need to unravel the “mystery”. Under the “Additional Information” section is this:
And I remember1 I signed up for Xoopit, a service that searches my mail and finds all the photos and videos therein. Perfectly legitimate (I gave it my password), and totally not malicious. The other service turned out to be Zenbe.com, another free mail service (like Gmail) that has a few other nifty features. I tried it out a few months ago and forgot about it, but it happily kept fetching my mail from my main account all the while.
So, crisis averted. But the experience highlighted a couple of things for me.
Don’t be a douche and don’t freak out so easily
If you sign up for something that has potential privacy ramifications, write it down or keep a record somewhere so you know what services are accessing what.
When you have access to a tool like this2 - use it. It only takes a second, and it can be incredibly useful. It reminded me of two services I’d forgotten about, and in future, could save me from a real problem.