Keep Calm and Carry On. “Gmail” Was Not Hacked…
…and neither was Google…at least not this time.
If you read some of the mainstream media, your ears might have perked up when you saw some of the headlines that Gmail was hacked. One of the original front page headlines that I saw on the MSNBC home page (it has since been moved off of the front page and the title changed) alluded that Google itself was hacked. In light of some of the other recent headlines about the repeated breaches at Sony and others, one would think that a reported hack of Gmail would be just as big, if not bigger.
The truth of the matter is that neither Google nor Gmail were hacked. Some of their user accounts were compromised through a technique known as phishing: where users are tricked into giving up sensitive or personal information (such as credit card or login information) to a malicious third party. This happens every day, unfortunately way too often. It is important to note that this is not indicative of any particular vulnerability within Google or any of Gmail's systems. The only vulnerability compromised in this case is the human vulnerability, the weakest link in the security chain. Anyone and everyone is a potential target for criminal activity online.
What made this case noteworthy was some of the types of people that were identified as being victimized: senior government officials, journalists, military personnel, among others. Even then I wouldn't call this particular instance "different" since such people are and always will be targets of criminals because of the type and amount of sensitive information that they are privileged to.
Was this a targeted attack against Google or Gmail? No. It may very well have been a targeted attack against the people whose accounts were compromised, but this was clearly not anything motivated against Google or any of its properties. This is an important distinction to make and to understand.