Google Hack from Single Sign-on
Ever since Google was hacked late last year, I’ve been wondering just how much information was accessed and compromised. Well, we now know.
A recent story in the New York Times quoted an anonymous person with direct knowledge of Google’s investigation into the attack, and this person says that the hackers lifted code for Google’s single sign-on system, which is used to access its different applications, for example, Gmail and Docs. (Single sign-on software enables users to sign on just once for all their Google services.)
Apparently, it all started when a Chinese employee of Google received an instant message, says the source. That employee clicked on the link in the message and was then taken to an infected website – an action that gave the hackers access to Google developers’ computers at headquarters. The code then migrated to machines hosted by Rackspace and then moved on elsewhere. Thank goodness – no Google Gmail passwords were stolen.
While Google made major changes to its network security, the incident raised renewed concern across the industry and among government about the security and safety of the cloud – and how stable and protected the information stored there is.
The article in the Times was quite revealing because it says that information from about 24 other companies was compromised in the attack. Their identities are still unknown, and some industry analysts even think that those companies aren’t aware they were victims of hacking.
I’ve said this before here in this blog, and I’ll say it again. The cloud is a phenomenon that’s not going to be stopped by individual incidents of security breaches. What’s needed is effective industry collaboration to improve security standards, and that’s happening now.
But savvy companies who use cloud-based services and apps should equip themselves with extra protection, such as cloud platform, website transaction and database monitoring services. Until that golden day comes when we’ve finally made hacking a lost profession, you can’t be too safe on the cloud.
