Beejive unauthorised GMail mail access?

[jaredm1]

Hi guys,

I've asked this question to Beejive support (no response to emails sent since 30 May) and on the Beejive forums (post not approved from post on 28 May) and I've been very patient with the company. However, they have not replied to my requests so I'm asking on here now.

I am an iPhone Beejive IM user and on 2 May I logged in to my GMail mail account via the web to discover it reported a possible unauthorised access from the IP 64.151.124.28.

This is an IP used by Beejive. I only use Beejive for GTalk and as far as I can establish, accessing GTalk does not automatically mean access to GMail.

Now I'm wondering - were Beejive compromised and they want to keep it quiet? Or do they have a rogue employee? Or is there some other explanation for this? Has this happened to anyone else?

This incident has made me think twice about entering my email details onto third party software like Beejive. I'm hoping for an innocent explanation but that doesn't look hopeful right now.

Edit: screenshot attached of GMail access details page.

 

[iMacDragon]

Hi guys,

I've asked this question to Beejive support (no response to emails sent since 30 May) and on the Beejive forums (post not approved from post on 28 May) and I've been very patient with the company. However, they have not replied to my requests so I'm asking on here now.

I am an iPhone Beejive IM user and on 2 May I logged in to my GMail mail account via the web to discover it reported a possible unauthorised access from the IP 64.151.124.28.

This is an IP used by Beejive. I only use Beejive for GTalk and as far as I can establish, accessing GTalk does not automatically mean access to GMail.

Now I'm wondering - were Beejive compromised and they want to keep it quiet? Or do they have a rogue employee? Or is there some other explanation for this? Has this happened to anyone else?

This incident has made me think twice about entering my email details onto third party software like Beejive. I'm hoping for an innocent explanation but that doesn't look hopeful right now.

Edit: screenshot attached of GMail access details page.

Googletalk does I believe access gmail at some level, in that gtalk transcripts are logged in gmail at least, so I would assume google treat connections to it similarly. I'd assume this is nothing but normal gtalk access. Just testing myself to see how/if it appears.

edit: hmm, ok, perhaps there is something odd about it, unclear really. I don't believe the password ever gets saved at server end either.

 

[jaredm1]

Googletalk does I believe access gmail at some level, in that gtalk transcripts are logged in gmail at least, so I would assume google treat connections to it similarly. I'd assume this is nothing but normal gtalk access. Just testing myself to see how/if it appears.

edit: hmm, ok, perhaps there is something odd about it, unclear really. I don't believe the password ever gets saved at server end either.

Hey thanks for testing, according to http://www.beejive.com/support/forum/viewtopic.php?f=7&t=409 (third from last post) the passwords are sent to Beejive servers although they say authentication data is discarded afterwards.

Clarification: I logged in on 30 May to discover the warning in my GMail account. Although I accessed my mail between 2nd May and 30 May, I did not check my Access Details page and GMail did not give any warning until 30 May.

Edit: On this page: http://www.beejive.com/iphone/ Beejive state "All account information (usernames & passwords) are stored locally on your iPhone and not kept on our servers.". That may be true but it is misleading since the passwords are sent via Beejive servers (thinking about it, they have to be, otherwise Beejive couldn't support Push).

 

[iMacDragon]

Hey thanks for testing, according to http://www.beejive.com/support/forum/viewtopic.php?f=7&t=409 (third from last post) the passwords are sent to Beejive servers although they say authentication data is discarded afterwards.

Clarification: I logged in on 30 May to discover the warning in my GMail account. Although I accessed my mail between 2nd May and 30 May, I did not check my Access Details page and GMail did not give any warning until 30 May.

Edit: On this page: http://www.beejive.com/iphone/ Beejive state "All account information (usernames & passwords) are stored locally on your iPhone and not kept on our servers.". That may be true but it is misleading since the passwords are sent via Beejive servers (thinking about it, they have to be, otherwise Beejive couldn't support Push).

Indeed, any push supporting IM client that isn't by the actual IM provider itself would have to send the password, I wasn't disputing that, just that they state they're not stored on server after login, so it shouldn't be possible for someone to use them. I'll grant, logging into gtalk on beejive does not seem to show up on gmail, so I'm not sure what the case here is, it may well be a server confusion on googles part.

 

[mr1581]

I had the same issue. Received warning that acct may have been compromised. The IP address listed was based out of Ft. Lauderdale, FL if my memory serves me right.

 

[jaredm1]

I had the same issue. Received warning that acct may have been compromised. The IP address listed was based out of Ft. Lauderdale, FL if my memory serves me right.

Interesting, the IP that accessed my account is hosted by ServePath and that company is based in California.

 

[jaredm1]

Their Privacy Policy is a load of crock too http://www.beejive.com/about/privacyPolicy.htm : "We do not collect or store any of your instant message ("IM") account information, such as your user name and password, messages, or contact lists, except that we temporarily store your instant messages solely in order to complete the instant message communication (for example, in response to a dropped call); however after the communication is complete the instant message is deleted from the Beejive system."

Fact is, it isn't just the instant messages they store temporarily, it has to be the username and password. And they do collect that. And from my experience it seems they do store it, contrary to what their website and privacy policy states.

This whole thing has me quite angry, mostly at myself for trusting this fly-by-night operation. And I say fly-by-night because no where on their site can I find a mailing address or phone number and their domain WHOIS info is one of these masking services.

 

[jaredm1]

I'm a bit surprised that I'm the only one who seems to be concerned about this

 

[Apple-NoEscape]

To be honest I have never even really heard of beejive.

I have always trusted meebo for my third party IM service and haven't ever ran into problems with my account being hijacked *touch wood*

Also not meaning to be stupid but where do I find that info on my gmail account?

 

[insidmal]

I use GTalk and not GMail so I don't think the two are related other than being under the same umbrella..

 

[LinMac]

This will be easy to test.

Use any third party IM client such as Adium or similar that suppots GTalk then check your account.

Also make sure BeejiveIM isn't setup to notify you of new email or somesuch nonsense.

 

[jaredm1]

I use GTalk and not GMail so I don't think the two are related other than being under the same umbrella..

They share the same passwords, I haven't found a way to give my GTalk account a different password to the rest of my Google account (which would include GMail, Google Wallet, etc.)

 

[jaredm1]

This will be easy to test.

Use any third party IM client such as Adium or similar that suppots GTalk then check your account.

Also make sure BeejiveIM isn't setup to notify you of new email or somesuch nonsense.

iMacDragon confirmed: even using Beejive in its normal mode won't trigger activity in your Activity Details page. I think it would only appear if they used a GMail mail API.

 

[jaredm1]

At least now I know I'm not the only one:

http://forum.tipb.com/iphone-social-off-topic/183887-problems-gmail.html
http://www.beejive.com/support/forum/viewtopic.php?f=7&t=3009

And in the Beejive forum an admin states: "We use the standard GoogleTalk login scheme, which should NOT cause this alert from Google. However, we have heard of other IM apps causing this problem... Is BeejiveIM the only 3rd party app you're using to access GoogleTalk?"

Clearly something is wrong and now we can't get a peep outta this company.

I've contacted Apple and asked for a refund and asked for the app to be yanked. Somethings wrong and Beejive don't want to talk about it.

 

[jaredm1]

App Store are useless

Well here's all I get from Apple:

Thank you for contacting iTunes Store Customer Support. My name is ****, and I will be assisting you today.

I understand you have concerns with the security of your information when using "BeejiveIM with Push".

I would be happy to help, but the iTunes Store Customer Support team does not evaluate and review these applications, so I can't give you specific information or approach them on your behalf. We handle issues with your iTunes account only.

Please note that Beejive Inc. is the best resource for information about BeejiveIM Push. Therefore, I recommend you contact Beejive Inc. directly. I know you have not received a response from your previous effort, but they are the correct people to contact. Please visit:

http://www.beejive.com/support/

Your request for a refund for "BeejiveIM Push" was carefully considered; however, according to the iTunes Store Terms of Sale, all purchases made on the iTunes Store are ineligible for refund. This policy matches Apple's refund policies and provides protection for copyrighted materials.

You can review the iTunes Store Terms of Sale for more information:
http://www.apple.com/legal/itunes/uk/sales.html

I can give you some information on how to remove the application from your iPhone if you wish. Please review page 190 of the iPhone User Guide.

http://manuals.info.apple.com/en_US/iPhone_iOS4_User_Guide.pdf

I hope the above information resolves your issue.