The Cloud is Not Safe. Check.
Last Monday, my Gmail account was hacked. It wasn’t scraped or spoofed. I did not get a computer virus and there was not spyware in my browser. My password was not “password”; it was a random bunch of characters. Some entity broke into my account and used it to send spam messages to every single person in my contacts list. Over 500 outgoing messages were in my sent folder, each containing a single link to a Viagra purveyor.
Of course I immediately Googled my situation. When I Tweeted about it, a friend sent me a NY Times article about a Google cyberattack that had come out that very same day. The attack is said to have hit Gmail’s password system back in December, and it’s unclear how much data was compromised. The day after I was attacked, this very helpful PC World article came out describing exactly what happened to me. I contacted Google with all the details and my spam message headers. As I expected, I haven’t heard a peep back from them.
Professional techies tend to have a decent awareness of how to avoid being hacked or getting a virus. Though I don’t use antivirus software, I haven’t had a problem with spyware, viruses or spam in years. Part of why I’ve been so successful is that I moved all of my email to the cloud—via free Google Apps at my org, and I run all my personal email through Gmail. I’ve grown complacent over time knowing I have the best spam filters in the world. Additionally, when you don’t download email onto your computer, it’s a lot harder to slip up and get a virus.
Last week was a good reminder that the Internet is never safe, and that the cloud is indeed very vulnerable. Many of the 500 recipients of the spam link from my spam attack opened the link because they trust mail from me. This was pretty embarrassing, as many of the spam emails went to colleagues and others with whom I do business. There were a range of responses, too. Dozens of well-meaning “Hey, you got hacked! Do you know about it? You have a virus!” Then there were these: “OMG I CLICKED ON THE LINK OMG DO I HAVE A VIRUS HELP ME TELL ME WHAT TO DO!!!!” My favorite response was from my neighbor, also a techie: “I think you got hacked… or… were you trying to tell me something with that Viagra link? <wink emoticon>"
The hack made for an ugly Monday, and my inbox was flooded with emails from concerned spam recipients and automated bounce messages for the rest of the week. I ended up setting up an auto-responder that ran for several days. “Yes, I know I was hacked. It was just a link, not a virus. Your computer is fine. I really need to get back to work. Have a nice day.”
In the last hour, I just received a spam message from a good friend who uses Yahoo mail. It looks exactly like the messages that were sent from my account. I wonder if the hack is spreading. Giant sigh.