Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Uncovers China-Based Password Collection Campaign

Posted by samzenpus on from the all-your-passwords-are-belong-to-us dept.

D H NG writes "Google announced that it recently uncovered a campaign to collect users' passwords. The campaign, apparently originating from China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists. Google said it detected and has disrupted this campaign and has notified victims and secured their accounts, as well as notified the relevant government authorities."

5 of 186 comments (clear)

  1. Re:...Wh.. by milkmage · · Score: 3, Informative

    where the hell have you been?

    "In its first formal cyber strategy, the Pentagon has concluded that computer sabotage by another country could constitute an act of war"

    http://www.msnbc.msn.com/id/43224451/ns/us_news-security/t/sources-us-decides-cyber-attack-can-be-act-war/

  2. Desperate people do desperate things by currently_awake · · Score: 3, Informative

    The world is currently in the early stages of a great depression. The huge increase in computer crime and the revolts in arab countries are just symptoms of that.

  3. Re:Hmm by nurb432 · · Score: 3, Informative

    Who said it was the Chinese government?

    --
    ---- Booth was a patriot ----
  4. Re:excellent PR by Google by SpaceLifeForm · · Score: 3, Informative

    That is because it was NOT a data breach at Google, but a phishing campaign.

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
  5. 2 Step Authentication by Kamiza+Ikioi · · Score: 3, Informative

    I use Lastpass (which got hacked recently, but my LastPass crypto password was pretty secure). I also use the Google 2 Step Authentication. Once Facebok implements this as well, I will switch immediately. I log in to most sites with either Google or Facebook. I prefer Google, because it's usually just confirming the email, whereas apps that log in to Facebook want access to data, my wall, my friends, etc. That's as stupid, imo, as an app or site asking, "Login with Google, and give us permission to read your email and send email as you."

    What many people don't know is that Google has some privacy features built in if you know where to look. At the bottom of the page it says something like:

    Last account activity: 4 minutes ago at this IP (127.0.0.1). Details

    Click Details and you'll see:

    This account does not seem to be open in any other location. However, there may be sessions that have not been signed out.

    Browser * United States (NY) (127.0.0.1) 5:45 am (0 minutes ago)
    Browser United States (NY) (127.0.0.1) 5:39 am (5 minutes ago)
    Mobile United States (NY) (127.0.0.1) 4:03 am (1.5 hours ago)
    Mobile United States (CA) (127.0.0.2) 6:19 pm (11 hours ago)
    Browser United States (NY) (127.0.0.1) Jun 1 (18 hours ago)
    Mobile United States (NY) (127.0.0.3) Jun 1 (20 hours ago)

    Now, unless you were in CA recently (or have a proxy), this shows that someone hacked your account 11 hours ago from California.

    Click the "Sign out all other sessions" button, then go change your password ASAP and enable 2 Step Authentication if you haven't already.

    --
    I8-D