909

I had a secondary Gmail account with a really nice short nickname (from the early invite/alpha days), forwarded to another of my mailboxes. It had a weak password, leaked as part of one of the many database leaks.

Eventually I noticed some dude in Brazil started using my Gmail, and he changed the password — but I still got a copy of everything he did through the forwarding rule. I caught him bragging to a friend on how he cracked hashes and stole and sold email accounts and user details in bulk.

He used my account as his main email account. Over the years I saw more and more personal details getting through. Eventually I received a mail with a plaintext password... which he also used for a PayPal account, coupled to a Mastercard.

I used a local website to send him a giant expensive bouquet of flowers with a box of chocolates, using his own PayPal and the default shipping address.

I included a card:

"Congratulations on acquiring my Gmail account, even if I'm 7 years late. Thanks for letting me be such an integral part of your life, for letting me know who you are, what you buy, how much you earn, who your family and friends are and where you live. I've surprised your mother with a cruise ticket as you mentioned on Facebook how sorry you were that you forgot her birthday and couldn't buy her a nice present. She seems like a lovely woman. I've also made a $1000 donation in your name to the EFF, to celebrate our distant friendship"

Comments
  • 83
    Did you really do all the mentioned in the end!?
  • 288
    @Nawap Yes. The kid made thousands a month through various dubious channels. I won't judge, but I thought I'd help him spend it better than on parts for his tuned car.

    He quickly changed his PayPal password, and I stopped receiving the forwards. His mom posted a picture drinking a cocktail in the bar of the luxury cruise ship on Facebook mentioning she loved her son. Such a great lady. 😄
  • 156
    Omg. If this is real this was the best thing ever.

    Stealing a stealer. Not aware of possible legal actions tho.
  • 12
    Cool story!
  • 88
    @ivoecpereira I don't enjoy ruining lives, and it was not my intention to gain anything from it either. I just thought it was a dick move that he kept messaging his mom "desculpe eu nao tenho dinero", begging for funds, while buying luxury goods for himself.
  • 26
    @bittersweet I am totally with you on this one, and I think the same exact way.

    The unique thing that would have prevented me to do it would be only be possible legal actions but still...
  • 57
    @ivoecpereira My alignment is chaotic good, sometimes chaotic neutral, depending on whether I've had my coffee.
  • 19
    Wow! Just wow! It looks like a Hollywood cinema twist but it's irl
  • 12
    @bittersweet I´m going to quote you on the alignment part.

    Also nice job on getting revenge. Admirable and yet hilariously disturbing persistence for 7 years.
  • 10
    @bittersweet that's the best revenge attack ever lmao
  • 11
    You are a good guy.
  • 9
    @Cyanide true. I even found it cute of him giving that Brazilian guy's mom such a gift :)
  • 8
    I fucking loved this story! Nice work!
  • 11
    Not all heroes wear capes.
    OP is one example :)
  • 5
    I'm proud to be this post's 69th ++
    Good job OP
  • 8
    I like how you reacted to this, because if you emptied his paypal or responded negatively for this, lets say no one comes a winner of it, but with what you did and him finding out about forward rule, I'm sure he wont be doing anything wrong due to all the proof you have about what he is doing.
  • 10
    I salute you, sir. Sending his ma on a cruise was just the classiest move ever!
  • 7
    Couldn't you use a password reset request because it would have forwarded that to right
  • 4
    @bittersweet The modern Arsene Lupin
  • 11
    @inpothet Google is pretty smart in locking out attackers and keeping you in, using questions, verified phone numbers, ip addresses, etc. Problem is, eventually all those things start favoring the one who took over.
  • 5
    I'm sorry, I don't believe a word. There are tons of ways to proof this story without sharing the details. Go ahead ;)
  • 6
    I don’t care if it’s real, but this one of the best rants I’ve read so far.
  • 3
    Priceless:)
  • 3
    Oof, that kid got what he deserved.
  • 2
    This sounds like something Elliot Alderson would do
  • 3
    Had to do it.
  • 3
    You clever man... I would have done something about it as soon as I noticed it, but what you did was amazing as all hell
  • 2
    Would love to see that happening to Elliot in Mr robot. If anybody has connections make that happen please 😄
  • 1
    I'd have rinsed him for all he had. At the end of the day, he took your account and would have no doubt happily taken your PayPal details if they were available too.
  • -1
    That's simply awesome and very thoughtful, you made my day.
    We shouldn't think of ruining people, kinda people(brazilian) are already ruined by their acts
  • 2
    Revenge is a dish best served cold.

    This is simply awesome! :)
Add Comment