Google said Wednesday that hackers in China had compromised the personal e-mail accounts of hundreds of users of Google's Gmail service, including top U.S. and Asian government officials, Chinese political activists, military personnel and journalists, BBC News reported.
In a blog post, the company said that its security had not been breached, but that some users of Gmail had been the targets of a campaign aimed at stealing passwords and monitoring e-mail accounts, according to the New York Times.
Google said in the blog post that the campaign appeared to originate from the city of Jinan, China, and that it had affected the personal Gmail accounts of users including “senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”
The so-called phishing campaign worked by sending the victims spoofed e-mails, often from accounts that appeared to belong to co-workers, family or friends. Those emails contained links to spoofed Gmail sites, which harvested the usernames and passwords of anyone who used them, Forbes explained. The hackers used those login details to forward any mail coming into the account to a third party, or in some cases gathered information about contacts to use in other phishing scams.
It is the second time that Google has implicated China in an intrusion, the New York Times said. Last year, the company said it had traced an attack on its systems to perpetrators based in China. The accusation led to a rupture of Google’s relationship with China and a decision by the company not to cooperate with Chinese censorship demands on its search engine.
Google said in the official blog post that it had detected and disrupted the campaign, notified the victims and secured their accounts. Google recommended that Gmail users take additional security steps, including adding a Google service known as two-step verification, which involves using a cell phone.