Google warns Iranian users of possible security breach

Google has taken the step of informing Iranians that their Gmail account passwords may have been compromised after the DigiNotar breach.

Late last week, Google revealed that it's been been contacting Iranian users and advising that they change their Gmail passwords in the wake of the DigiNotar security certificate breach.

On August 30th, Google reported that an anonymous Iranian black hat cybercriminal going by the handle "Comodohacker" attempted an SSL man-in-the-middle (MITM) attack on Google services using that purloined DigiNotar certificate.

Essentially, Comodohacker was able to set up his own fake pages under the domain, intercepting user passwords when they thought they were legitimately logging into Gmail. And that attack primarily targeted users located in Iran.

Google claims that users of the Chrome browser should have been protected. But not everybody uses Chrome, and regardless, Google is strongly advising all of its Iranian customers to secure their accounts.

To be more precise, Google's blog entry says:

"While Google’s internal systems were not compromised, we are directly contacting possibly affected users and providing similar information below because our top priority is to protect the privacy and security of our users."

Google is recommending that users in Iran (and anyone else who suspects they may have been affected) to review their password recovery options, including any phone numbers or secondary e-mail addresses they can use to change their password if the need ever arises. It seems like a more than reasonably prudent measure.

Comodohacker is also claiming to have certificates for Facebook, Skype, Mozilla, Microsoft, Yahoo, Android and Twitter, as well as domainsbelonging to the CIA and Israel's Mossad, according to MSNBC.

The Google Chrome browser is already protected against DigiNotar-based attacks thanks to its ability to detect fraudulent certificates, but Google's disabled the DigiNotar certificate authority entirely to be on the safe side until things are resolved. And Mozilla Firefox, Apple Safari (On Mac OS X 10.5 and higher), and Opera have all followed suit.

Until DigiNotar cleans up its act, there are going to be a lot of exposed users out there - note Microsoft Internet Explorer's absence from that list of browsers. It's going to be interesting to see how this plays out. And again, if you suspect for even a moment that you've been compromised - change your password.

Update: A Microsoft spokesperson has reached out to clarify that it has taken similar steps to Google and Mozilla in protecting Internet Explorer users by blocking DigiNotar certificates.