Gmail smells phishy
Google has admitted that it too was affected by a recent phishing scheme which saw tens of thousands of passwords from Hotmail, Yahoo!, Comcast and EarthLink harvested by identity-stealing thieves.
"We recently became aware of a phishing scheme through which hackers gained user credentials for Web-based mail accounts including a small number of Gmail accounts," a Google spokesman told ComputerWorld today, although he insisted the nefarious attack had affected just a "small number" of Gmail accounts.
On Monday it was widely reported that between 10,000 and 20,000 passwords were obtained surreptitiously, in what appears to have been more of a social engineering/phishing scam than any outright hack. Indeed, Google is sticking to Microsoft's line of defence, noting the webmail service itself hadn't been hacked and that the problem hadn't arisen out of any negligence on Google's part. "This was not a Gmail security issue, but rather a phishing scheme," he declared defensively.
"As soon as we learned of the attack, we forced password resets on the affected accounts," he continued, adding, "we will continue to force password resets on additional accounts if we become aware of them." The spokesperson emphasised that any users who felt their accounts had been left vulnerable should change their passwords immediately.
There has been some controversy, however, over why neither Microsoft nor Google sought to directly warn users their accounts may have been compromised, either via an email, or by simply sticking a warning message up on the services themselves. Microsoft, however, did take action to block access to accounts it knew had been hijacked and has now made tools available to victims to help them take back control of their accounts.