It’s not unusual for companies to take a “move along, nothing to see here” approach to discussing problems; PR departments don’t want people to dwell on such things. Only in this case, Google seems to be making honest use of the sentiment as it’s busted a rumor about a Gmail vulnerability and domain theft.
About a week ago, reports first started to circulate that a hacker could gain control of Gmail accounts and move from them to GoDaddy accounts. The number of folks claiming to have been affected by this trick grew, and press coverage increased. Sooner or later, the hubbub seemed sure to create a measurable dent in Gmail’s market share.
Information Security Engineer Chris Evans investigated the issue and has responded on the Google Online Security Blog, however, writing, “Our results indicate no evidence of a Gmail vulnerability. With help from affected users, we determined that the cause was a phishing scheme . . . . Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as ‘google-hosts.com’ that they set up purely to harvest usernames and passwords.”
Evans then continues, “Once attackers gained the user credentials, they were free to modify the affected accounts as they desired. In this case, the attacker set up mail filters specifically designed to forward messages from web domain providers.”
Try to be careful more careful than ever about what sites you visit, then, but don’t believe that there’s any special reason to abandon Gmail.