News - Security Issues

Spammers hit Gmail accounts

Google is investigating a growing number of reports that hackers are breaking into legitimate Gmail accounts and then using them to send spam messages. Generally, online accounts become compromised after phishing attempts or by malicious programs. In this particular case, it is not clear how user’s accounts were accessed.

“The Gmail team takes security very seriously and is investigating the reports we’ve seen…” Google said Tuesday. “We encourage users who suspect their accounts have been compromised to immediately change their passwords and to follow the advice at the following page: http://www.google.com/help/security/.”

It appears that Gmail’s mobile interface is the preferred access method for these attacks. If you use Gmail and would like to learn how your Gmail account has been accessed simply click the “Details” link at the bottom of the Gmail page. If it is apparent that your Gmail account has been accessed by anyone other than an authorized user, the Secure Florida team recommends changing your password. You may learn more about password security from www.SecureFlorida.org.

Some members of a Gmail user forum suspect there may be a Gmail bug, however Google says, “Our investigation has not given any indication of a bug in Gmail, either in the mobile interface or otherwise.”

Monday April 19, 2010, the New York Times  reported that hackers compromised Google’s centralized login system, code named Gaia, in late December.

While the timing of these two incidents may seem suspect, they are likely unrelated because of their differing nature. The December attack was a sophisticated attempt to steal data and intellectual property from Google. The less sophisticated Gmail spam incident promotes Canadian pharmaceutical Web sites offering cheap drugs to U.S. customers.