Google denies blame for domain thefts

 

Gallery

By Matthew Sparkes

Posted on 26 Nov 2008 at 10:02

Google has denied bloggers' claims that a flaw in Gmail gave hackers access to their email accounts and allowed them to steal their domain names.

The suggestion originated on the MakeUseOf blog, which was the victim of a stolen domain name after an attacker gained access to a Gmail blog and set up filters to redirect emails from the site's registrar to a third party email address.

"As we have pointed out earlier the hacker somehow managed to get access to my Gmail account and from there to our GoDaddy account, unlock the domain and move it to another registrar," claims the post. "Several things have happened in the last two days that have made me believe that Gmail has a serious security flaw and everyone should be aware about it."

The post claimed the fault lay with Google, and provided links and details for other sites which had also been victim to similar attacks.

However, Google has since denied these claims, claiming the attacks were likely down to phishing attempts, placing the blame squarely with the account holders.

"We've seen some speculation recently about a purported security vulnerability in Gmail and the theft of several website owners' domains by unauthorised third parties. At Google we're committed to providing secure products, and we mounted an immediate investigation. Our results indicate no evidence of a Gmail vulnerability," says a post on the Google security blog.

"With help from affected users, we determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information."