Well, this sucks. Google has just notified folks that it foiled plans from hackers believed to be from China. Google claims it stopped the group before too much damage could be done, but did say that there were a number of victims whose information may have been compromised.
Gmail passwords were retrieved through what Google believes to be a phishing attack. After getting these passwords, the violators would sign in and forward the victim’s email to another address, all without the users knowing.
It’s a good time for you guys to check up on your accounts. Change your passwords, make sure no messages have been sent from your account, and double check your email forwards and filters to make sure your email isn’t being sent to someone else’s inbox. Check Google’s blog out for more details and stay safe, folks.
PROTIP: Use two-step authentication. Solves 99% of these problems.
How do you do this?
From your Gmail account, select your username in the top right to bring down the menu bar. Select “Account Settings”. It’ll bring up a new window/tab. Under “Personal Settings” there should be a link that says “Using 2-step verification”. Follow the directions provided. I didn’t even know this existed till I started digging around…
Been using it for a couple months now. It can be a huge pain in the ass when your password expires or you need to sign into Android on a new device, but the added security is soooooo worth it
This happened to me a couple months ago. (I contacted Gmail but got no reply back, could be different people). My Android phone alerted me that suspicious activity was going on with my account and froze my account and allowed me to set a new password. It sent emails not to people on my friends list but to people I’ve sent email to, some people from a couple years ago.
This was likely when your Gizmodo account was hacked – do you use the same password?
If they cracked my 18 character password and 2-step authentication then they can do as they please with my Google account because they are likely going to become our Robot Overlords one day and I submit to them.
Oh, and if you’re using a Google account w/o a strong password & 2-step auth then you can get hosed like you deserve.
Welcome to the world of the new.
Bob I don’t say this often but BEST POST EVER!!!! SUBMITTING TO ROBOT OVERLORDS, AAAAHAHAHAHAHAHAHAHAHAHAHAH! CLASSIC BOB FOR YA!
I’m also using two step authentication. I highly suggest it. I am using a 9 digit alpha numeric and special character password. I think that is roughly equal to 68 billion combinations. So even if they hack my password they still need my authentication password. Christ I think Bob is right… they would be Robot Overlords.
Ditto. Everyone who hasn’t done so yet should enable the 2 step verification.
Thanks to this alert, I enabled two step verification. Didn’t even know of the feature before.
Or, you know, look at the URL before you log in.
Next generation browsers want to hide the URL bar.
That’s the worst idea I’ve heard today.
Hello AOL 1995
Or don’t click on the log-in link in any e-mails from [email protected] warning you about your log-in expiring and then don’t just trust the website. Even when I think it’s a legitimate e-mail I’ll open a browser window and go to the site myself to log in.
Basically, follow the same common sense security rules that people have been touting since the advent of e-mail and you can easily avoid issues like this one.
I’m pretty sure that the only accounts targeted were those of gov’t officials and persons of interest to the Chinese powers that be. At least, that’s what BBC said.
I mean, consider that there are X00,000 Gmail accounts, and only so many hackers, with only so much time before they know Google catches on and starts a lock-down. I don’t think they’re going after little-nobody-fish like us.
I don’t even use my Gmail for correspondence, so this doesn’t affect me. Also, as a general rule, I never click links in any emails that I receive to sign in.
I go directly to the website and then sign in. That is just safe practice there.
Wow, I just set up a two step, that’s kinda nuts.
phishing is not hacking!!!!!! GRRRRRR!!!!
That depends on your definition of hacking. It may not be sophisticated, but to many people it is a form of hacking. Maybe the better term is Social Engineering. But Social Engineering is recognized as a form of hacking.
You also failed to complain about using the term ‘hacking’ instead of ‘cracking’. :-)
Ya, if you fall for a phishing attack, you’re a loser.