Google Warning Users Of Government-Backed Hackers Attacking Their Accounts
Google is reportedly notifying some users that their accounts have been targeted by government-backed hackers, according to an onslaught of reports proliferating social media in the past 24 hours.
It is believed that a spear phishing campaign called PowerDuke, which was tied to Russian hackers, are somewhat related to the Google's issuance of warnings, though the connection between the two holds no merit as of this time.
According to Google, only 0.1 percent of Google accounts are being issued the warnings, but it's still ideal for everyone to assure their security given the reported attacks.
If a user is alerted with Google's email, it doesn't immediately translate that their account has been compromised or that a more widespread attack will follow. However, Google is still urging recipients of the warning to take it seriously.
Many recipients of the Google-issued warning are journalists and professors such as Paul Krugman, an economist and columnist for The New York Times; Jonathan Chait, a New York magazine journalist; Julia Ioffe, a writer at Politico and Michael McFaul, a Stanford University professor. All confirmed via Twitter with regard to receiving the notice from Google.
The cautionary email is headlined with a red banner, accompanied with a line of text that says: "Warning: Google may have detected government-backed attackers trying to steal your password." It is the same type of warning Google promised to send out in case of security threats, which was as part of a new feature it announced given the mounting feud between Apple and the FBI on security issues.
What To Do If You Receive The Notice
For those who have received Google's warning, the email will provide a link that'll help the recipient enable a two-factor authentication method for better security and the option to set up a security key.
For those who have already enabled two-factor authentication, there's also an option to install the Google Authenticator, an app which lets the user receive codes when a mobile service or an internet connection isn't available.
Whether or not Google's flurry of warnings indicate that hackers potentially attempted to compromise Google accounts, it's better to follow Google's recommendations and commit to the company's various tools to proof passwords, even for those who didn't receive the warnings.
It's better to be safe than sorry.