Click to Skip Ad
Closing in...
  1. Amazon Deals
    07:58 Deals

    10 deals you don’t want to miss on Saturday: $5 Alexa smart plugs, $110 electric sta…

  2. Amazon Gift Card Promotion
    14:41 Deals

    Amazon’s giving away $15 credits, but this is your last chance to get one

  3. Control Garage Door With iPhone
    08:10 Deals

    Unreal deal gets you Amazon’s hottest smart home gadget for $23 – plus a $40 c…

  4. Self-Emptying Robot Vacuum
    16:11 Deals

    Amazon coupon slashes our favorite self-emptying robot vacuum to its lowest price ever

  5. Best Memory Foam Mattress
    12:31 Deals

    When 75,000 Amazon shoppers rave about a $130 memory foam mattress, you need to check it o…

The Google Docs attack took over a million Gmail accounts in an hour

May 4th, 2017 at 3:46 PM
Google Docs phishing attack

Yesterday, a phishing attack appeared out of nowhere to infect the inboxes of people across the world. The attack relied on a weakness in Google’s own Apps system to take control of users’ Gmail accounts, and send out the spam link to users’ address books. The result was a hack that spread like wildfire: according to Google, a million accounts were compromised in just one hour.

The hack started with an email, send from a known contact, that invited you to click a link to see a Google Doc they’d shared with you. Google does send an email when a contact shares a Google Doc, so it’s not an unusual email to receive.

Once you clicked on the link inside, you were sent to a legitimate Google Apps page. It asked you to authorise an app called “Google Docs” to read, send and delete emails, which is the problem. Google Docs was a fake app, controlled by the attacker.

Speaking to the BBC, Google said that removed the attack “within approximately one hour”, via “removing fake pages and applications”.

“While contact information was accessed and used by the campaign, our investigations show that no other data was exposed,” Google said. “There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

However, in the time it took for Google to shut down the attack, it infected a million users. Nothing apart from email access seems to have been stolen, but that could potentially be problematic. Gmail is often used as the recovery email for other accounts, like Amazon, Apple or Facebook accounts. Users who were infected by the scam may want to keep a close eye on any important services for the next few days, and consider enabling two-factor authentication.

Popular News