Business

Google discloses China-based ‘hijacking’ of Gmail accounts

MOUNTAIN VIEW, Calif. — Google Inc. said Wednesday that hundreds of users of its Gmail email service were tricked into sharing their passwords with “bad actors” based in China, potentially further complicating relations between the internet giant and the country with the highest number of internet users, The Wall Street Journal reported.

Google, which has blamed China for a previous attack on the company’s computer networks, said its security and abuse detection systems recently discovered that users of its popular Gmail service had fallen for what are called “phishing scams.”

Such exploits trick users into sharing their passwords — and the campaign, which Google said “appears to originate from Jinan, China,” targeted specific individuals.

Among the affected users are “senior US government officials, Chinese political activists, officials in several Asian countries [predominantly South Korea], military personnel and journalists,” said Eric Grosse, an engineering director on Google’s security team, in a post on the company’s blog.

The company declined to comment on the identities of the affected individuals, how it traced the attacks to Jinan or who may be behind the incident, according to the Journal.

“We have notified victims and secured their accounts,” Grosse said. “In addition, we have notified relevant government authorities.”

The White House was investigating the situation but had no reason to believe that Gmail accounts of senior government officials were hacked, an official told AFP.

“We’re looking into these reports and are seeking to gather the facts,” the official said on condition of anonymity.

“We have no reason to believe that any official US government email accounts were accessed,” the official said, referring other queries to the Federal Bureau of Investigation.

Grosse said the goal of the hijacking campaign “seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to” get in-bound emails to be forwarded to accounts of their choosing.

He encouraged Gmail users to better protect their information online by using what is called a “two-step verification” when logging into Gmail so that the system can recognize the computer or mobile device from which a user is logging in, not just his or her password. The process “protected some accounts” from the China-based attack, he said.

The company has said there are more than 200 million Gmail users.