Beejive unauthorised GMail mail access?

Discussion in 'iPhone' started by jaredm1, Jul 3, 2010.

  1. jaredm1 macrumors regular

    Joined:
    Jun 27, 2009
    Location:
    Bucks, UK
    #1
    Hi guys,

    I've asked this question to Beejive support (no response to emails sent since 30 May) and on the Beejive forums (post not approved from post on 28 May) and I've been very patient with the company. However, they have not replied to my requests so I'm asking on here now.

    I am an iPhone Beejive IM user and on 2 May I logged in to my GMail mail account via the web to discover it reported a possible unauthorised access from the IP 64.151.124.28.

    This is an IP used by Beejive. I only use Beejive for GTalk and as far as I can establish, accessing GTalk does not automatically mean access to GMail.

    Now I'm wondering - were Beejive compromised and they want to keep it quiet? Or do they have a rogue employee? Or is there some other explanation for this? Has this happened to anyone else?

    This incident has made me think twice about entering my email details onto third party software like Beejive. I'm hoping for an innocent explanation but that doesn't look hopeful right now.

    Edit: screenshot attached of GMail access details page.
     


  2. iMacDragon macrumors 65816

    Joined:
    Oct 18, 2008
    Location:
    UK
    #2
    Googletalk does I believe access gmail at some level, in that gtalk transcripts are logged in gmail at least, so I would assume google treat connections to it similarly. I'd assume this is nothing but normal gtalk access. Just testing myself to see how/if it appears.

    edit: hmm, ok, perhaps there is something odd about it, unclear really. I don't believe the password ever gets saved at server end either.
     
  3. jaredm1 thread starter macrumors regular

    Joined:
    Jun 27, 2009
    Location:
    Bucks, UK
    #3
    Hey thanks for testing, according to http://www.beejive.com/support/forum/viewtopic.php?f=7&t=409 (third from last post) the passwords are sent to Beejive servers although they say authentication data is discarded afterwards.

    Clarification: I logged in on 30 May to discover the warning in my GMail account. Although I accessed my mail between 2nd May and 30 May, I did not check my Access Details page and GMail did not give any warning until 30 May.

    Edit: On this page: http://www.beejive.com/iphone/ Beejive state "All account information (usernames & passwords) are stored locally on your iPhone and not kept on our servers.". That may be true but it is misleading since the passwords are sent via Beejive servers (thinking about it, they have to be, otherwise Beejive couldn't support Push).
     
  4. iMacDragon macrumors 65816

    Joined:
    Oct 18, 2008
    Location:
    UK
    #4
    Indeed, any push supporting IM client that isn't by the actual IM provider itself would have to send the password, I wasn't disputing that, just that they state they're not stored on server after login, so it shouldn't be possible for someone to use them. I'll grant, logging into gtalk on beejive does not seem to show up on gmail, so I'm not sure what the case here is, it may well be a server confusion on Google's part.
     
  5. mr1581 macrumors 6502

    Joined:
    Jun 21, 2007
    #5
    I had the same issue. Received warning that acct may have been compromised. The IP address listed was based out of Ft. Lauderdale, FL if my memory serves me right.
     
  6. jaredm1 thread starter macrumors regular

    Joined:
    Jun 27, 2009
    Location:
    Bucks, UK
    #6
    Interesting, the IP that accessed my account is hosted by ServePath and that company is based in California.
     
  7. jaredm1 thread starter macrumors regular

    Joined:
    Jun 27, 2009
    Location:
    Bucks, UK
    #7
    Their Privacy Policy is a load of crock too http://www.beejive.com/about/privacyPolicy.htm : "We do not collect or store any of your instant message ("IM") account information, such as your user name and password, messages, or contact lists, except that we temporarily store your instant messages solely in order to complete the instant message communication (for example, in response to a dropped call); however after the communication is complete the instant message is deleted from the Beejive system."

    Fact is, it isn't just the instant messages they store temporarily, it has to be the username and password. And they do collect that. And from my experience it seems they do store it, contrary to what their website and privacy policy states.

    This whole thing has me quite angry, mostly at myself for trusting this fly-by-night operation. And I say fly-by-night because nowhere on their site can I find a mailing address or phone number and their domain WHOIS info is one of these masking services.
     
  8. jaredm1 thread starter macrumors regular

    Joined:
    Jun 27, 2009
    Location:
    Bucks, UK
    #8
    I'm a bit surprised that I'm the only one who seems to be concerned about this :confused:
     
  9. Apple-NoEscape macrumors 6502

    Joined:
    Mar 25, 2010
    Location:
    United Kingdom
    #9
    To be honest I have never even really heard of beejive.

    I have always trusted meebo for my third party IM service and haven't ever run into problems with my account being hijacked *touch wood*

    Also not meaning to be stupid but where do I find that info on my gmail account?
     
  10. insidmal macrumors 6502

    Joined:
    Jun 24, 2010
    Location:
    Eugene
    #10
    I use GTalk and not GMail so I don't think the two are related other than being under the same umbrella..
     
  11. LinMac macrumors 65816

    Joined:
    Oct 28, 2007
    #11
    This will be easy to test.

    Use any third party IM client such as Adium or similar that supports GTalk then check your account.

    Also make sure BeejiveIM isn't set up to notify you of new email or somesuch nonsense.
     
  12. jaredm1 thread starter macrumors regular

    Joined:
    Jun 27, 2009
    Location:
    Bucks, UK
    #12
    They share the same passwords, I haven't found a way to give my GTalk account a different password to the rest of my Google account (which would include GMail, Google Wallet, etc.)
     
  13. jaredm1 thread starter macrumors regular

    Joined:
    Jun 27, 2009
    Location:
    Bucks, UK
    #13
    iMacDragon confirmed: even using Beejive in its normal mode won't trigger activity in your Activity Details page. I think it would only appear if they used a GMail mail API.
     
  14. jaredm1 thread starter macrumors regular

    Joined:
    Jun 27, 2009
    Location:
    Bucks, UK
    #14
    At least now I know I'm not the only one:

    http://forum.tipb.com/iphone-social-off-topic/183887-problems-gmail.html
    http://www.beejive.com/support/forum/viewtopic.php?f=7&t=3009

    And in the Beejive forum an admin states: "We use the standard GoogleTalk login scheme, which should NOT cause this alert from Google. However, we have heard of other IM apps causing this problem... Is BeejiveIM the only 3rd party app you're using to access GoogleTalk?"

    Clearly something is wrong and now we can't get a peep outta this company.

    I've contacted Apple and asked for a refund and asked for the app to be yanked. Something's wrong and Beejive don't want to talk about it.
     
  15. jaredm1 thread starter macrumors regular

    Joined:
    Jun 27, 2009
    Location:
    Bucks, UK
    #15
    App Store are useless

    Well here's all I get from Apple:
     
