Gmail and Yahoo also suffered account theft attempts

Via @JoseCarlosTecno

Gmail Also Nailed by Phishing Attacks, Google Says


By Larry Seltzer

Over this past weekend the credentials for several thousand Microsoft Hotmail accounts were posted online. Microsoft has confirmed the list was authentic, worked to get it taken down and deactivated the accounts. If your account was affected you can fill out this form to reclaim account access.
Then today Google told the BBC that Gmail had been similarly targeted. The BBC reported that they had seen a list with more than 30,000 names and passwords.

Microsoft says that the Hotmail accounts appear to have been compromised through "a likely phishing scheme," not through any problem in Hotmail. Google's response was similar: "We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including GMail accounts... As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them."

What more is there to say about such problems? Users need to be able to recognize illicit attempts to elicit their account information. The Microsoft blog linked to above has some good, general advice on recognizing phishing scams.

It's also possible for attackers to steal account access through other attacks, such as dictionary attacks, which attempt to use common words (such as "password") as the password. Brian Krebs of the Washington Post has some good general guidelines on password selection in his report on this attack.

Pastebin, the site on which the Hotmail accounts were posted, is designed for programmers to share source code. Since the news broke of this disclosure, the owner, a completely innocent bystander in this business, has had to take the site down and work, undoubtedly for free, on measures to secure his site against such abuse in the future. I feel sorry for him, at least as sorry as I feel for people who gave up their e-mail passwords unwittingly.

Originally posted to the PCMag.com @Work blog.
