Google today said that it's "detected and disrupted" a plan to gain access to hundreds of Gmail accounts through phishing attacks.
That effort, which Google says originated in Jinan, China, targeted user account credentials so that attackers could gain access to personal information including contacts and e-mail conversations. Targets included government officials from the U.S. and "several Asian countries" as well as political activists, journalists, and military personnel, Google said.
"The goal of this effort seems to have been to monitor the contents of these users' e-mails, with the perpetrators apparently using stolen passwords to change peoples' forwarding and delegation settings," wrote Eric Grosse the engineering director for Google's security team in a post announcing the crackdown.
"It's important to stress that our internal systems have not been affected--these account hijackings were not the result of a security problem with Gmail itself. But we believe that being open about these security issues helps users better protect their information online," Grosse continued.
Google says it's notified those with affected accounts and has also secured the accounts. The company is encouraging users to add extra layers of security including designing more complex passwords, turning on two-step account verification, and only going through the company's secured "https://www.google.com" domain when logging on from a Web browser.Return to security news headlines
View Security News Archive