Google disclosed on Wednesday that computer hackers from China (Jinan) broke into the personal Gmail accounts of several hundred people, including top U.S. government officials and Chinese political activists that the company didn’t identify.
Unlike a series of cyber attacks from China last year, Google said the goal this time was not its own central systems, but the individual accounts of users of its e-mail service. The attacks, which Google said also targeted government officials in South Korea and other Asian nations, military personnel and journalists, were likely the result of “phishing” attempts, in which the attacker dupes users into sharing passwords.
Google on Wednesday urged its users to take safety precautions such as using its two-step verification feature for Gmail, and to use a password that they would not use for any other account but Gmail.
Google “will never ask you to email your password or enter it into a form that appears within an email message,” the company said.
Google secured the affected Gmail accounts for now and notified the victims. A security researcher who helped alert Google to the scam said the intrusions went undetected for at least a year.