Friday, January 13, 2012

What happens when your Gmail account gets hacked?


Via a link at Bruce Schneier's invaluable security blog, I was led to this article in the Atlantic. Here's an excerpt.

On April 13 of this year, a Wednesday, my wife got up later than usual and didn’t check her e‑mail until around 8:30 a.m. The previous night, she had put her computer to “sleep,” rather than shutting it down. When she opened it that morning to the Gmail account that had been her main communications center for more than six years, it seemed to be responding very slowly and jerkily. She hadn’t fully restarted the computer in several days, and thought that was the problem. So she closed all programs, rebooted the machine, and went off to make coffee and have some breakfast.

When she came back to her desk, half an hour later, she couldn’t log into Gmail at all. By that time, I was up and looking at e‑mail, and we both quickly saw what the real problem was. In my inbox I found a message purporting to be from her, followed by a quickly proliferating stream of concerned responses from friends and acquaintances, all about the fact that she had been “mugged in Madrid.” The account had seemed sluggish earlier that morning because my wife had tried to use it at just the moment a hacker was taking it over and changing its settings—including the password, so that she couldn’t log in again.

. . .

The more serious sign of the potential scale of our problems came later in the day. Google offers a variety of automated ways for users to regain control of Gmail and other accounts they think have been hacked. The automated routines, plus an online forum moderated by Google employees, are the only help Google offers. With hundreds of millions of active Gmail accounts to manage - that's as specific as Google will be about its user base — operating in 54 languages worldwide, the relative handful of human beings on Gmail’s support staff could not even pretend to offer live one-on-one service. The same is true of Yahoo, Microsoft’s Hotmail, Facebook, Skype, eBay, and the other big operators of “cloud”-based systems.


There's more at the link.

It's worth noting that the author only managed to sort out his problems through personal contact with a senior executive at Google, whom he knew prior to the incident. The rest of us, lacking such influence, would almost certainly find it much more difficult - perhaps impossible - to achieve the same resolution of the problem. The security tips and advice that the author offers are well worth pursuing.

I highly recommend this article. It's very important reading for anyone with an e-mail account, or who stores data in the 'cloud' on the Internet. (That includes all bloggers, too - after all, this blog exists only in the 'cloud', and that's where you're accessing it as you read these words!) It also reinforces the need for regular, comprehensive backups of anything and everything you value and want to keep for future reference.

Peter

1 comment:

TheAxe said...

Last year for a couple weeks, I lost mine and the first few times I tried to get it back the automated thing said I couldn't prove I was me. Very frustrating. They really need better service and I've started taking precautions in case it happened again.