/>
X

Attackers hit Google single sign-on password system

The New York Times is reporting that Google's password system was compromised during a targeted attack last December.
ryan-naraine.jpg
Written by Ryan Naraine on

The New York Times is reporting that Google's password system was compromised during a targeted attack last December.

The system, called Gaia or Single Sign-On,  controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications.

NY Times reporter  John Markoff writes:

The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said. Described publicly only once at a technical conference four years ago, the software is intended to enable users and employees to sign in with their password just once to operate a range of services.

The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.

[ SEE: Google was hacked with IE zero-day ]

The report said the hack started with an IM message to a Google employee in China who was using Microsoft MSN Messenger.

By clicking on a link and connecting to a “poisoned” Web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer and then to the computers of a critical group of software developers at Google’s headquarters in Mountain View, Calif. Ultimately, the intruders were able to gain control of a software repository used by the development team.

In January, Google acknowledged that its systems were compromised by attackers exploiting an Internet Explorer zero-day vulnerability.

At the time, Google said the attacks were very targeted and resulted in the theft of intellectual property.  Several other big-name U.S. companies, including Adobe and Juniper were also breached in the same attacks.

Related

A United Airlines pilot made a big speech to passengers. Not everyone will love it
screen-shot-2022-08-09-at-9-39-33-am.png

A United Airlines pilot made a big speech to passengers. Not everyone will love it

Business
Dear American Airlines customers, your pilot today is a United Airlines trainee
gettyimages-1155904758-american-airlines-dreamliner2.jpg

Dear American Airlines customers, your pilot today is a United Airlines trainee

Business
The ultimate Windows troubleshooting trick
windows11-repair-install

The ultimate Windows troubleshooting trick

Windows