Google Responds to GMail Vulnerability Allegations

Google says the recent GMail account breaches were due to typical phishing scams, not a vulnerability in GMail itself.

With help from affected users, we determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information. Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as “google-hosts.com” that they set up purely to harvest usernames and passwords.

They don’t say exactly how the usernames and passwords were harvested, however.  Were people just dumb/gullible enough to type their Google usernames and passwords into some other web site?  Or was there a way for these phishing sites to grab the authentication info from the user’s browser?  Is this the fault of the web browser or a faulty plugin?

While the fingers continue to be pointed, the specific methodology for adding malicious filters to a GMail account by way of a phishing attack remains a threat.

About Will Chatham

Will Chatham is a Cyber Security Analyst, Ethical Hacker, and Penetration Tester at a federal data center in Asheville, NC. Since Netscape 2.0, he has worked in a wide array of environments including non-profit, corporate, small business, and government. His varied background, from developer to search engine optimizer to security professional, has helped him build a wide range of skills that help those with whom he works and teaches.