We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,586 News Articles

Google password system stolen by 'China attacks'

Single Sign-On technology targeted

The information stolen from Google in cyberattacks late last year included a password system that gives users access to multiple services after just one login, according to a news report.

Google in January said it had been hit by cyberattacks believed to be launched from China that caused the theft of Google intellectual property. The stolen information included the password system, code-named Gaia after the Greek goddess of earth, The New York Times said late Monday, citing an unnamed source.

The software, still used by Google but now known as Single Sign-On, has been discussed publicly only once, four years ago at a conference, the report said.

Gmail users' passwords do not appear to have been lost, but there is a small possibility that attackers with access to the stolen software could find vulnerabilities in it that Google itself does not know about, the report said.

Google spokesman Jay Nancarrow declined to comment beyond Google's original blog post revealing the attacks. In that post, Google cited the attacks and concerns over censorship as it also announced plans to stop filtering search results on its China-based search engine, which it had done for years to comply with government demands. Chinese users are now redirected from the old search engine to Google's Hong Kong site, where political content is uncensored.

Google has said over 20 other companies were also targeted in the attacks.

The theft from Google started when an employee in China clicked on a link to an infected site, which was sent to the employee via instant message, the Times said. The attacker was then able to access the employee's computer and, eventually, a software base used by developers at Google's California headquarters, the report said.

The attackers also had access to an internal Google directory called Moma that stores information about each employee's work tasks, it said.

See also:

PC security advice


IDG UK Sites

Samsung Galaxy S6 release date and specs rumours: When will the Galaxy S6 come out?

IDG UK Sites

How to win iTunes Festival 2014 tickets: See Pharrell Williams, Sam Smith, Kylie & more live, for...

IDG UK Sites

Microsoft's all or nothing bet on Windows Phone is the best way forward

IDG UK Sites

Google adds better type rendering to its Chrome browser on Windows