Sign In

Communications of the ACM

ACM News

Cyberattack on Google Said to Hit Password System

View as: Print Mobile App Share:
Google's offices in Beijing

Google's offices in Beijing, shown in April 2007.

Credit: Elizabeth Dalziel / Associated Press

Ever since Google disclosed in January that Internet intruders had stolen information from its computers, the exact nature and extent of the theft has been a closely guarded company secret. But a person with direct knowledge of the investigation now says that the losses included a password system that controls access by millions of users worldwide to almost all of the company's Web services. The program is intended to enable users and employees to sign in with their password just once to operate a range of services.

The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.

The new details seem likely to increase the debate about the security and privacy of vast computing systems that now centralize the personal information of millions of individuals and businesses. Because vast amounts of digital information are stored in the "cloud," a single breach can lead to disastrous losses.

From The New York Times
View Full Article


No entries found