This article is from the source 'bbc' and was first published or seen on . It will not be checked again for changes.
You can find the current article at its original source at http://news.bbc.co.uk/go/rss/-/1/hi/technology/8292928.stm
The article has changed 12 times. There is an RSS feed of changes available.
Version 8 | Version 9 |
---|---|
Google targeted in e-mail scam | Google targeted in e-mail scam |
(about 1 hour later) | |
Google's web-based e-mail system, Gmail, has been targeted as part of an "industry-wide phishing scheme". | Google's web-based e-mail system, Gmail, has been targeted as part of an "industry-wide phishing scheme". |
The firm said that it had immediately safeguarded the affected accounts. | The firm said that it had immediately safeguarded the affected accounts. |
BBC News has seen two lists that detail more than 30,000 names and passwords from e-mail providers, including Yahoo and AOL, that were posted online. | BBC News has seen two lists that detail more than 30,000 names and passwords from e-mail providers, including Yahoo and AOL, that were posted online. |
The lists also include details of thousands of Microsoft Hotmail users. Google said fewer than 500 of its accounts had been affected by the scam. | |
However, the search giant revealed that it had discovered a third list, but would not say how many accounts it showed. | However, the search giant revealed that it had discovered a third list, but would not say how many accounts it showed. |
Phishing involves using fake websites to lure people into revealing data such as bank account details or login names. | Phishing involves using fake websites to lure people into revealing data such as bank account details or login names. |
"We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts," said a Google spokesperson. | "We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts," said a Google spokesperson. |
"As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them." | "As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them." |
The firm stressed that the scam was "not a breach of Gmail security" but rather "a scam to get users to give away their personal information to hackers". | The firm stressed that the scam was "not a breach of Gmail security" but rather "a scam to get users to give away their personal information to hackers". |
'Industry problem' | 'Industry problem' |
The phishing scam was originally thought to target just Hotmail users. | The phishing scam was originally thought to target just Hotmail users. |
It was brought to light when 10,000 Hotmail addresses were posted online at Pastebin, a website commonly used by developers to share code. | It was brought to light when 10,000 Hotmail addresses were posted online at Pastebin, a website commonly used by developers to share code. |
The list was reported by technology blog Neowin. | The list was reported by technology blog Neowin. |
However, a second list of 20,000 names has since emerged containing e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers. A third list, which has not been seen by the BBC, was discovered by Google. | However, a second list of 20,000 names has since emerged containing e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers. A third list, which has not been seen by the BBC, was discovered by Google. |
This should be a wake-up call to Google and Microsoft to educate their users Carole TheriaultSecurity consultant Phishing attack targets Hotmail | This should be a wake-up call to Google and Microsoft to educate their users Carole TheriaultSecurity consultant Phishing attack targets Hotmail |
Some of the accounts on the list of 20,000 names appear to be old, unused or fake. However, BBC News confirmed that many - including Gmail, Yahoo and Hotmail addresses - were genuine. | Some of the accounts on the list of 20,000 names appear to be old, unused or fake. However, BBC News confirmed that many - including Gmail, Yahoo and Hotmail addresses - were genuine. |
Other addresses on the list include Comcast and Earthlink accounts. | Other addresses on the list include Comcast and Earthlink accounts. |
It is not clear whether the new lists was part of the same phishing attack that collected the Hotmail addresses or a separate scam. | It is not clear whether the new lists was part of the same phishing attack that collected the Hotmail addresses or a separate scam. |
A spokesperson for Microsoft said phishing was an "industry-wide problem". | A spokesperson for Microsoft said phishing was an "industry-wide problem". |
"Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software." | "Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software." |
Both lists can still be accessed online. | Both lists can still be accessed online. |
A spokesperson for Yahoo urged consumers to "take measures to secure their accounts whenever possible, including changing their passwords". | A spokesperson for Yahoo urged consumers to "take measures to secure their accounts whenever possible, including changing their passwords". |
Carole Theriault of security firm Sophos agreed. | Carole Theriault of security firm Sophos agreed. |
"Getting access to one password can give someone access to lots of things," she said. | "Getting access to one password can give someone access to lots of things," she said. |
People should change their password on any other site where they use it, she added. | People should change their password on any other site where they use it, she added. |
A recent report by the firm said that around 40% of people had the same password for every website they used. | A recent report by the firm said that around 40% of people had the same password for every website they used. |
"People need to see a difference between an online bank account and booking cinema tickets online," she told BBC News. | "People need to see a difference between an online bank account and booking cinema tickets online," she told BBC News. |
But, she said, blame did not rest with the users of the e-mail services, who likely clicked on a link in a scam message. | But, she said, blame did not rest with the users of the e-mail services, who likely clicked on a link in a scam message. |
"Phishing attacks are very subtle these days," she said. "People do all kinds of tricky things." | "Phishing attacks are very subtle these days," she said. "People do all kinds of tricky things." |
Fake websites, which ask for a users login details, can be made to look like those of reputable companies. | Fake websites, which ask for a users login details, can be made to look like those of reputable companies. |
"This should be a wake-up call to Google and Microsoft to educate their users," said Ms Theriault. | "This should be a wake-up call to Google and Microsoft to educate their users," said Ms Theriault. |
Do you have a Gmail, Yahoo, or AOL account? Have you been affected by "phishing" scams? Send us your comments. | Do you have a Gmail, Yahoo, or AOL account? Have you been affected by "phishing" scams? Send us your comments. |
The BBC may edit your comments and not all emails will be published. Your comments may be published on any BBC media worldwide. Terms & Conditions | The BBC may edit your comments and not all emails will be published. Your comments may be published on any BBC media worldwide. Terms & Conditions |