Google: Hundreds of Gmail accounts in U.S., Asia hacked

Hackers around the world have been getting more attention than usual over the last few months. Now Google has added another announcement to the pile: hundreds of Gmail accounts have been hacked recently.

Google affirms that the problem doesn't rest with Gmail security; rather, the scheme was the result of phishing and malware.

Google spilled the details on Wednesday via its official blog:

Through the strength of our cloud-based security and abuse detection systems*, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.

The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings.

Gmail users affected by this security mishap should have already been notified. Google's security team outlined a number of steps that Gmail users can take to protect themselves, which should only take about "ten minutes."

Google recommended the following:

  • Use two-factor authentication;
  • Choose a strong password;
  • Watch for suspicious activity warnings in your Gmail account;
  • Check your settings for odd forwarding.
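
The forwarding and delegation check can be automated for defenders who review many mailboxes. The sketch below is an added example, not code from Google or from this article. It assumes the settings have already been exported in the shape of the Gmail API settings resources (auto-forwarding, forwarding addresses, delegates, filters); the sample data and the `trusted` allowlist are constructed for illustration.

```python
# Constructed sample: one mailbox's settings, shaped like the Gmail API
# settings resources (autoForwarding, forwardingAddresses, delegates, filters).
SAMPLE_SETTINGS = {
    "autoForwarding": {"enabled": True,
                       "emailAddress": "archive@mail-backup.example",
                       "disposition": "leaveInInbox"},
    "forwardingAddresses": [
        {"forwardingEmail": "me@work.example", "verificationStatus": "accepted"},
        {"forwardingEmail": "archive@mail-backup.example", "verificationStatus": "accepted"},
    ],
    "delegates": [
        {"delegateEmail": "assistant@unknown.example", "verificationStatus": "accepted"},
    ],
    "filters": [
        {"id": "f1", "criteria": {"from": "boss@work.example"},
         "action": {"addLabelIds": ["STARRED"]}},
        {"id": "f2", "criteria": {"query": "has:attachment"},
         "action": {"forward": "archive@mail-backup.example"}},
    ],
}

def audit_mail_settings(settings, trusted):
    """Return (kind, address, detail) for every route by which mail can
    leave the mailbox to an address the owner has not approved."""
    trusted = {a.lower() for a in trusted}
    findings = []

    def check(kind, addr, detail):
        if addr and addr.lower() not in trusted:
            findings.append((kind, addr.lower(), detail))

    auto = settings.get("autoForwarding", {})
    if auto.get("enabled"):  # forwarding of all incoming mail is switched on
        check("auto-forward", auto.get("emailAddress"), auto.get("disposition", ""))
    for fa in settings.get("forwardingAddresses", []):  # registered, even if idle
        check("forwarding-address", fa.get("forwardingEmail"), fa.get("verificationStatus", ""))
    for d in settings.get("delegates", []):  # accounts allowed to read the mailbox
        check("delegate", d.get("delegateEmail"), d.get("verificationStatus", ""))
    for f in settings.get("filters", []):  # per-message forwarding hidden in a filter
        check("filter-forward", f.get("action", {}).get("forward"), "filter %s" % f.get("id"))
    return findings

if __name__ == "__main__":
    for finding in audit_mail_settings(SAMPLE_SETTINGS, {"me@work.example"}):
        print(finding)
```

Filters are checked separately because a forwarding rule inside a filter does not show up in the main auto-forwarding setting.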

Google gave a hat tip to the blog Contagio, which highlighted the risks in February.

This attack attempt might seem like a small incident (which it certainly is in comparison to the problems with Sony's PlayStation Network or even Apple and the MacDefender issue), but it's a reminder that it's always a good idea to take even just a few moments to ensure your online identity is safe.


Talkback

90 comments
  • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

    Checked mine, seems OK.
    I rarely use it anyway.
    MoeFugger
    • Phew!

      @MoeFugger thank goodness. Any other owners of the other several hundred million accounts not affected want to chime in? Especially those who rarely use it anyway?
      Mr. Copro Encephalic to You
    • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

      because u r not important
      nikm@...
  • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

    If we only think like criminals for our own protection. Using numbers and letters in password seems to slow down the HACKERS
    oklook@...
    • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

      @oklook@...

      Yes, we should all have stronger passwords that contain numbers and special characters, but did you read the article? The passwords were being collected, likely through phishing. It doesn't matter how secure your password is if you hand it over to the bad guy.
      JohnJacob1161
      • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

        @JohnJacob1161
        If hackers use random brute force character detection of passwords, then a user choosing (or not) to utilize any characters has nothing to do with how easily they are hacked, as every character combination needs to be repetitively tried anyway - or did I miss something here?
        brainditch
      • Yes. Google only need one line to prevent this. Switch to HOTMAIL!!

        Google has given the public nothing but security problem riddled software since they did anything beyond search.
        From the release of Google desktop...banned by most government agencies and healthcare organizations etc. originally and hopefully all Google software will be jettisoned now.
        People like DB tell us the wonders of Google and how much better internet based computing is, but if I have to check my email account's settings every time I use it, forget it. Might as well go back to the U.S. postal service for less hassle.
        Just say NO to Google. Their "Do no Evil" slogan has become the joke of the industry.
        Hotmail via Windows LIVE 2010 or 2011 offers a full blown email client that is not just a web page with links jumbled all over the place, but rather a good emulation of Outlook 2010 for free with the best productivity tools and features available. Skydrive, Word, Excel, Powerpoint, OneNote and many more tools, all with the 2010 interface for free is the absolute best online productivity suite you will find.
        Microsoft has the absolute best anti phishing features and site scanning available today in their products. IE provides scanning that detects 60% more rigged sites than Chrome, Safari and FF combined.
        xuniL_z
      • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

        @JohnJacob1161 This pertains to xuniL_z's reply: Last time I looked Hotmail was M$ & I don't use M$ for anything that another program will do. Why? Well, it is because of people like xuniL_z who are living proof that intelligence is not universal.

        M$ is at the root of malware IMHO!
        tegil
      • tegil, you have only proved one thing with your personal attack on me.

        The lack of tolerance of others' opinions is indeed universal.

        Your attack shows you are not willing to stand for other opinions that don't match yours. There is a word for people like you but I'll restrain myself because I'm not like you and would never want to be.

        Your attack culminated with the accusation that Microsoft is somehow behind all malware. Watch out for the black helicopters and keep your tin foil hat handy.

        Good day sir.
        xuniL_z
  • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

    how do i implement two-factor? will gmail support my RSA token i already have??
    Kevin Groff
    • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

      @kevin_groff@...
      Google Lockheed and RSA hack before you start asking about EMC RSA Token use.......
      GDoC
    • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

      @kevin_groff@... No, not your RSA token, but an app on your cell phone, a call to your land line phone, and/or printed one time passwords.
      crythias
      • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

        Sweet! I always wanted to have my phone ring every time I checked my e-mail.
        nacht@...
  • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

    @wraith404

    You might be right about Yahoo being hacked. My dad's Yahoo email account was hacked just two days ago and was used to spam everyone on his very large contact list - which includes much of our extended family and all of his clients and business contacts. He had to make a lot of phone calls yesterday. I traced the culprit to an IP address in Thailand, but it's quite possible he might actually be in China.
    eMJayy
    • I just hope we are not aiming at the wrong people.

      @eMJayy
      xuniL_z
  • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

    @wraith404 are you sure it was hacked? Did you use that email address and password on any other sites? If so, that may be where the leak occurred.
    JohnJacob1161
    • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

      @JohnJacob1161

      I am as certain as I can reasonably be. This is a secondary account that I rarely log into, and never use in conjunction with any other sites or services. I have no linked accounts, and do not participate in any other yahoo services (such as messenger etc).
      wraith404
  • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

    @wraith404
    I've not seen anything from Yahoo, but I did a forensic analysis for a friend's "hacked" yahoo account and found that it wasn't necessarily his account that got hacked, but that someone had inserted a pseudo smtp server into the yahoo e-mail handling/relay service.
    What this says in non-geek speak is that they had tricked the yahoo servers into accepting relay/spam request from what would appear to the other servers as being a legitimate source. So long story short, it is possible that even though the emails appeared to come from my friend's account it wasn't necessary for the account to actually be compromised, but for the username only to be known.
    I suggested my friend notify yahoo as I have no affiliation with them.
    GDoC
    • RE: Google: Hundreds of Gmail accounts in U.S., Asia hacked

      @GDoC
      Good analysis. Darn it.
      That's smart.
      archetuthus
    • Sorry, but...

      @GDoC If the contact list was spammed, then YES, that account was hacked, the activity is NOT the result of an "inserted" smtp server... Granted, it would appear that BOTH possibilities are likely, across multiple cases being reported.
      flared0ne