The Truth Behind Gmail "Hack"

Phishing is not hacking. Users were tricked more than violated ... and other lessons from yesterday's made-up story.

blunt instruments

"Gmail Hack" was scattered across media headlines yesterday, inciting the rumor that Google's popular email platform had been the victim of a cyber-attack. It wasn't true. Google was not hacked, a company spokesman tells Fast Company. Some users were duped into supplying passwords to fraudulent emails masquerading as trustworthy sources (known as phishing)—a very common occurrence.

The allegedly shocking news was creatively extrapolated from a blog post Google wrote to warn users about the importance of proper password protection, citing that even "senior government officials" had fallen prey to attacks due to careless security precautions. The result of the misleading headlines was Google being falsely lumped in with actual hack attacks, like those against Sony's Playstation network hack. "Sony <-> Apple <-> Google...is anyone taking data security serious anymore?!" wrote one angry user online. "Gmail hacked and will this affect trust in Google Docs and related services?" wrote another.

In this case, Google was burned for attempting to warn users against phishing, under the backdrop of a series of high-profile attacks, including Congressman Anthony Weiner's (somewhat comical) scandal related to an apparent hacker replacing his picture with a close-up of bulging underwear. In the blog post, Google outlines several common-sense precautions, including never supplying a password through email, using strong passwords (with capitals and numbers), and not replying to emails that Google redflags as suspicious with bright red text. Senior government officials or those with sensitive material might even take further precautions, including two-step verification, which sends a numeric code to the user's phone in addition to requiring a password.

The first clue to the suspiciousness of the story should have been the fact that only "hundreds" of emails were hijacked. Phishing attacks are so exceedingly common that Gmail has a built in speed-dial button next to the "reply" option to alert Google to fraudulent attempt to attain passwords. Anyone who's ever been sent a spam email by a friend or seen a sketchy Facebook post that links to a website completely unrelated to the link title has witnessed an account hack.

However, the fact that the attacks originated from China was news, especially given the nerve-racking announcement that the Pentagon will treat cyber-attacks as acts of war. Worrisome, since the Chinese government has, in the past, reportedly been the source of attacks against Google. The fallout, if it's discovered that these most recent Gmail attacks originated from the Chinese military, will be far greater in scope than a few hundred people losing temporary access to their email.

[Image: Flickr user Fort Rucker]

Add New Comment

5 Comments

  • Hashim Ali

    Please check my email address also. Somebody please help me, I think they got hacked.
    hashimavhae@gmail.com
    hashimavha@gmail.com
    hashimaliv@gmail.com
    08655769903

  • Pedro P Quiros

    Someone sent a message last Tuesday hacking my email address, requesting emergency money using the story I had  I had lost documents and suitcase in London. A nice friend reacted and sent US$1500 through Western Union, and got the request to send Us$1200 additional. So I got a call explaining the events. I will report this to the FBI, however I have not been able to obtain a google, or gmail address where to present this type cof case to you, the service provider. The purpose of this message is to be guided by you. Pedro P. Quiros

  • Robert O.

    I can't get played that way . I have customers and clients to look after them makes me all the reason to pull everythig from Google and find someone else yep the decline of Modern Investigitive Journalism , I can't take gambles with companies that are toy with my customers and clients base