Google on Wednesday disclosed that hackers in China have tricked “hundreds” of its e-mail service users into disclosing their personal account information, thereby allowing the online fraudsters to monitor those users’ personal communications.
“This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists,” wrote Eric Grosse, Google’s security team engineering director in a mid-afternoon blog post.
“The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.)”
Grosse wrote that Google has detected and disrupted the campaign to steal users’ passwords, and that those users, as well as “relevant government authorities” had been notified.