The information stolen from Google in cyberattacks late last year included a password system that gives users access to multiple services after just one login, according to a news report.
Google in January said it had been hit by cyberattacks believed to be launched from China that caused the theft of Google intellectual property. The stolen information included the password system, code-named Gaia after the Greek goddess of earth, The New York Times said late Monday, citing an unnamed source.
The software, still used by Google but now known as Single Sign-On, has been discussed publicly only once, four years ago at a conference, the report said.
Gmail users’ passwords do not appear to have been lost, but there is a small possibility that attackers with access to the stolen software could find vulnerabilities in it that Google itself does not know about, the report said.
Google spokesman Jay Nancarrow declined to comment beyond Google’s original blog post revealing the attacks. In that post, Google cited the attacks and concerns over censorship as it also announced plans to stop filtering search results on its China-based search engine, which it had done for years to comply with government demands. Chinese users are now redirected from the old search engine to Google’s Hong Kong site, where political content is uncensored.
Google has said over 20 other companies were also targeted in the attacks.
The theft from Google started when an employee in China clicked on a link to an infected site, which was sent to the employee via instant message, the Times said. The attacker was then able to access the employee’s computer and, eventually, a software base used by developers at Google’s California headquarters, the report said.
The attackers also had access to an internal Google directory called Moma that stores information about each employee’s work tasks, it said.