Published June 02, 2011
"Gmail Hack" was scattered across media headlines yesterday, inciting the rumor that Google's popular email platform had been the victim of a cyber-attack. It wasn't true. Google was not hacked, a company spokesman tells Fast Company. Some users were duped into supplying passwords to fraudulent emails masquerading as trustworthy sources (known as phishing)--a very common occurrence.
The allegedly shocking news was creatively extrapolated from a blog post Google wrote to warn users about the importance of proper password protection, citing that even "senior government officials" had fallen prey to attacks due to careless security precautions. The result of the misleading headlines was Google being falsely lumped in with actual hack attacks, like those against Sony's Playstation network hack. "Sony <-> Apple <-> Google...is anyone taking data security serious anymore?!" wrote one angry user online. "Gmail hacked and will this affect trust in Google Docs and related services?" wrote another.
In this case, Google was burned for attempting to warn users against phishing, under the backdrop of a series of high-profile attacks, including Congressman Anthony Weiner's (somewhat comical) scandal related to an apparent hacker replacing his picture with a close-up of bulging underwear. In the blog post, Google outlines several common-sense precautions, including never supplying a password through email, using strong passwords (with capitals and numbers), and not replying to emails that Google redflags as suspicious with bright red text. Senior government officials or those with sensitive material might even take further precautions, including two-step verification, which sends a numeric code to the user's phone in addition to requiring a password.
The first clue to the suspiciousness of the story should have been the fact that only "hundreds" of emails were hijacked. Phishing attacks are so exceedingly common that Gmail has a built in speed-dial button next to the "reply" option to alert Google to fraudulent attempt to attain passwords. Anyone who's ever been sent a spam email by a friend or seen a sketchy Facebook post that links to a website completely unrelated to the link title has witnessed an account hack.
However, the fact that the attacks originated from China was news, especially given the nerve-racking announcement that the Pentagon will treat cyber-attacks as acts of war. Worrisome, since the Chinese government has, in the past, reportedly been the source of attacks against Google. The fallout, if it's discovered that these most recent Gmail attacks originated from the Chinese military, will be far greater in scope than a few hundred people losing temporary access to their email.