Google passwords were reportedly compromised

Cyberattack said to have targeted single sign-on system

A source with knowledge of the investigation into a recent cyberattack against Google’s servers says hackers gained access to the tech behemoth’s vaunted password-management system which controls access to online services like e-mail and business applications. Though the attackers aren’t thought to have stolen actual passwords, it’s possible last December’s intrusion allowed them to find security weaknesses inside the system that even Google isn’t aware of. The data theft was made possible by a Google employee in China being duped into logging in to a poisoned website that granted hackers access to his computer and those of a group of developers at the company’s headquarters in California. Google first revealed the theft in January and has blamed cyberattacks for its decision to pull out of China.

New York Times

Looking for more?

Get the best of Maclean's sent straight to your inbox. Sign up for news, commentary and analysis.