Less than a month ago, Yahoo went down in history after falling victim to not just one, but two huge cyber attacks. The first one happened in September of 2016, compromising 500 million accounts, and the second incident happened just months after in December, which affected a whopping one billion users. The two breaches are separate, but the second breach originated back in 2013, meaning it took three years for Yahoo to find out about it. To make matters worse, it’s been reported that the company knew about the second security breach a couple of months before they notified the public about the incident.
Now, Gmail is the latest victim in a cyber attack that took place on Tuesday, January 12th. In what has been described as a phishing scam, some Gmail users have received an email with an attachment inside, addressed from someone in their contact list (most likely a person who was hacked before them). If the recipient clicks on the file, a new window will open up to what appears to be a Gmail login page. Though the login page looks legitimate, if you enter your email and password, the information gets immediately sent to the hackers. In comparison, the Yahoo hackers stole names, email addresses, phone numbers, birthdays, hashed passwords, and a mix of encrypted and unencrypted security questions and answers. Though this may not seem as bad as that, many Gmail users’ accounts are connected to other apps such as Google Drive, Calendar, and Photos, all of which use the same login info.
Many who were outraged by the phishing scam tried to contact Google for answers and were merely directed to the prevent & report phishing attacks page. However, Mark Maunder, who writes for the cyber security blog Wordfence, wrote to Google regarding the attack, and Aaron Stein, who works for Google Communicates, responded with the following statement:
“We’re aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.”
He posted Stein’s statement as an update to the initial article he wrote on his blog about the attack, complete with a guide on how to keep yourself from falling victim to the hackers. Make sure to read his explanation here before you consider doing away with email altogether.