Report: Google password system attacked

A cyberattack in December yielded access to a program that controls millions of users' access to the company's services, according to a New York Times report.

Steven Musil Night Editor / News

Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.

Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.

See full bio

Steven Musil

April 19, 2010 8:27 p.m. PT

2 min read

The cyberattack on Google last year reportedly yielded access to a password system that controls millions of users' access to the company's services including e-mail and business services.

Google's Gaia, which allows people to sign in using their password once for a range of services, was compromised during a two-day attack in December, according to a New York Times report that cited a person with knowledge of an internal investigation. However, Gmail users' passwords do not appear to have been stolen, and the company quickly initiated security changes to its networks, according to the report.

The intrusion began when a Google employee in China clicked on a link sent in an instant message that took the employee to a corrupted Web site, which allowed access to the employee's personal computer and ultimately the computers used by a key group of software developers at the company's headquarters in Mountain View, Calif., according to the report.

Google first disclosed the theft of intellectual property in January when revealed that it and other companies were the victims of a "highly sophisticated and targeted attack" aimed at gathering information about human rights activists. As a result of the attack and theft, Google announced it no longer intended to censor search results in that country and would consider leaving entirely.

Source code was stolen from more than 30 Silicon Valley companies targeted in the attacks, which Google said originated in China, though it has not revealed the specific people behind them. For its part, the Chinese government has denied any involvement.

However, tensions between the U.S. and China escalated after U.S. Secretary of State Hillary Rodham Clinton formally denounced Internet censorship in a January speech. China, which has stated that companies doing business in that country must respect and adhere to its laws, responded by warning that the new U.S. stance could hurt relations between the two countries.

Ultimately, Google shut down its Google.cn site and began redirecting users to Google.com.hk, its Hong Kong-based site where it can offer uncensored Chinese-language search services.

Gaia, the code name of the program now known as Single Sign-On, is still in use, the Times noted.