Google urges Gmail users in Iran to change their passwords
You may have read about the digital break-in at Dutch certificate authority DigiNotar, and the subsequent revelation that an Iranian hacker who goes by the name of "Comodohacker" having made away with fraudulent digital certificates for hundreds of popular Internet destinations. This ranges from websites such as Google, Yahoo, Mozilla and Skype; social networks such as Facebook, Twitter; and even domains belonging to the CIA and Mossad, the Israeli Secret Service.
It is still unclear if Comodohacker is doing it for glory or personal profit – such as by reselling the illicitly obtained email communications to the Iranian government, for example. According to Google, the perpetrator behind the attack on DigiNotar appeared to be interested in intercepting the communications of Gmail users and customers residing in Iran. With this in mind, Google has taken the offensive and is now advising its Iranian users to change their email passwords to protect themselves from online attacks.
In a blog post last week, Eric Grosse, the VP Security Engineer at Google, wrote: "We learned last week that the compromise of a Dutch company involved with verifying the authenticity of websites could have put the Internet communications of many Iranians at risk, including their Gmail." Emphasizing that the internal systems of the search giant itself have not been compromised, Grosse urged all users in Iran to take "concrete steps" to secure their accounts.
As expected, this includes the changing of their passwords, which will prevent harvested passwords from being used for further unauthorized access. Moreover, Grosse also encourage users to preempt future problems by verifying and updating their account recovery options. As in the case of any hacked email account, the changing of a password does nothing to protect old email messages that may already have been pilfered by a malicious party. In the event of a suspected break-in, however, changing one's password would at least be useful to foil ongoing snooping.
Source: Google Online Security Blog