Google’s Password System Attacked
New details are coming out about the cyber attack that Google experienced in December. According to a NY Times article, the information comes from a person with direct knowledge on the situation.
Google’s Single Sign-on password system, also known as Gaia, which allows users to log in once through a common interface to access a variety of Google services, was subject to a “lightning raid” that lasted less than two days. However, within 48 hours the attackers were initially able to gain access to an individual’s computer through a “poison link,” a site that embeds software on a computer and gives external entities access to their individual computer. From the individual’s computer, the intruder gained access to the computers of Google’s key software developers, and in turn access to the software repository in which Gaia could be accessed.
Needless to say that the security measures were quickly changed shortly after the incident, but there is some concern that the infiltrators may have found find other security loops within the password system. There was no news from Google’s official blog.