In the week and a half since my wife's Gmail account was taken over, I've learned a lot about "cloud" security in general, the difference between average-user and expert-insider views on the topic, the world geography of hacking, the economic logic and illogic of hacking, the habits that make for "unsafe" and "less unsafe" reliance on the cloud, and so on. I will go into these in greater depth later on, probably in a "real" article.
I've also heard from a broadening stream of people whose accounts have similarly been taken over. The most desperate-sounding are those who have regained control of their Gmail account after a hack, only to find that all the information they thought was eternally nestled in the cloud had disappeared. The embarrassing picture of you at a drunken party will never vanish from the internet, but your working files and correspondence might. This is a generic cloud problem rather than one specific to Gmail, but I'm hearing about it with Gmail cases. For instance:
On Monday, April 11, I woke to a call from my neighbor checking to see that I was safe and had not been mugged in Wales. The call was surprising enough, but the events that followed were devastating. I opened my Gmail account a little after 7 am and I believe all my email was intact. I reported the breach and received a link to reset my password. I logged back in and all my email was missing, years of email, not only in the inbox, but the sent mail and dozens of folders of filed mail. In addition, all my contacts disappeared. My folder tree was completely intact, but every folder was empty. I spent the next hours following every piece of advice I could find on Google support and reported the missing email and contacts and requested that Google try to recover it. On April 12, after filing other reports and giving more information, I received an email saying that Google had retrieved what email it could and that "We unfortunately will not be able to respond to any further emails on this case." The email recovered dated back to February 25th and consisted of mostly email that I had actually deleted and some sent mail, a tiny portion of what was in the account.
What I've learned from this flow of information, much of which I have shoveled on to Google and asked for their response, is that there is a huge gulf between how "normal" people think about their cloud-based email records and what the professionals know. Simply put:
- Normal people think their cloud-based email is safe, conveniently backed up, and easily recoverable if anything goes wrong.
- The pros realize that it is not -- or that it might not be, and that users should protect themselves accordingly.
I think that Google and other companies have under-stressed this reality. In the messages I've received from users who've lost their entire archives, not one has included something like "I always knew this could happen" or "I understood that I needed to have my own back ups, because my online mail might permanently disappear." As I mentioned earlier, I have always made on-disk backups of all my email (with those backups backed up elsewhere), but I was semi-embarrassed about this as primitive, Old World behavior. Unfortunately not.
So, as a public service, plus as a way of sparing myself the chore of explaining this in separate emails to the next 50 people who write in, here is a summary of the on-the-record responses I've gotten from Jay Nancarrow, a Google spokesman, and others there about various email security and recovery issues.
1. The most important thing you can do is protect your own account. And to Google's credit, they now offer, free, a tool that makes it almost impossible for anyone to get into your account remotely, as happened in the cases I have heard about. This tool is the famous "two-factor authorization," for which you can read the official Google description or my reference, or a security pro's analysis. If you apply this system you can probably stop worrying about this whole nightmare scenario -- and may not need to keep reading after the jump. (Or, if you're seeing this post on a single page, below.)
1B. And, just for the record, in principle you should never use the same password on more than one site. A Google friend says, "If one uses the same password at reliable.com and risky.com, then when risky.com is compromised, that gives criminals your password and often email address to try at reliable.com; even when reliable is as reliable as Google this would give criminals access. And when your user name at risky.com is your email address then using the same password is catastrophic to security. Solution: use a different password absolutely everywhere." I will confess that I have not yet fully implemented this plan.
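An added example, not from the original post or from Google: a short Python audit of a password-manager export that reports every password shared across sites and ranks first the case the quote calls catastrophic, where the same email-address login and password appear on more than one site. The CSV column names, the sample rows and the function name `audit_reuse` are assumptions made for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export (site, username, password); not real credentials.
SAMPLE_EXPORT = """site,username,password
reliable.com,pat@example.com,correct-horse-1
risky.com,pat@example.com,correct-horse-1
forum.example,pat_q,correct-horse-1
bank.example,pat@example.com,Xk4!unique-bank
news.example,pat@example.com,Tq9#unique-news
"""

def audit_reuse(export_text):
    """Return one finding per password that is used on more than one site."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        # Group by digest so the report never carries the password itself.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        groups[digest].append((row["site"].strip().lower(),
                               row["username"].strip().lower()))
    findings = []
    for entries in groups.values():
        sites = sorted({site for site, _ in entries})
        if len(sites) < 2:
            continue  # unique password: nothing to report
        # Worst case from the quote: the login name is an email address
        # and the same address + password pair exists on several sites.
        by_user = defaultdict(set)
        for site, user in entries:
            by_user[user].add(site)
        email_pairs = sorted(u for u, s in by_user.items()
                             if "@" in u and len(s) > 1)
        findings.append({
            "sites": sites,
            "severity": "catastrophic" if email_pairs else "reused",
            "shared_email_logins": email_pairs,
        })
    # Most severe first, then by number of sites affected.
    findings.sort(key=lambda f: (f["severity"] != "catastrophic", -len(f["sites"])))
    return findings

if __name__ == "__main__":
    for f in audit_reuse(SAMPLE_EXPORT):
        print(f["severity"], ", ".join(f["sites"]), f["shared_email_logins"])
```

Every site listed in a finding needs its own new password; starting with the accounts that share an email login closes the worst exposure first.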