Hackers tried to steal the passwords of hundreds of Google email account holders, including those of senior U.S. government officials, the Internet company said.
"Through the strength of our cloud-based security and abuse detection systems, we recently uncovered a campaign to collect user passwords, likely through phishing," Eric Grosse, Engineering Director at Google Security Team said.
"This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists," he added.
Google estimates that the goal of this effort was to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change peoples' forwarding and delegation settings. (Gmail enables users to forward their emails automatically, as well as grant others access to their account.)
Google said that it had detected and had disrupted this campaign to take users' passwords and monitor their emails.
"We have notified victims and secured their accounts. In addition, we have notified relevant government authorities, " Eric Grosse said.
He also stressed to clarify that Google's internal systems hadnot been affected - these account hijackings were not the result of a security problem with Gmail itself.
The U.S. government is investigating the issue, Secretary of State Hillary Clinton said on Thursday.
"We are obviously very concerned about Google's announcement regarding a campaign that the company believes originated in China to collect the passwords of Google email account holders," Clinton told reporters.
"Google informed the State Department of this situation yesterday in advance of its public announcement. These allegations are very serious. We take them seriously, we're looking into them," Clinton said.
Clinton referred further questions on the matter to Google and to the FBI, which will conduct the U.S. investigation.
Google suggests users to improve their security when using Google products by enabling 2-step verification, using
a strong password for Google that they do not use on any other site and also always enter their password only into a valid sign-in prompt on a https://www.google.com domain.
Gmail users may also check their Gmail settings for suspicious forwarding addresses and watch for the red warnings about suspicious account activity that may appear on top of their Gmail inbox.