In the week and a half since my wife's Gmail account was taken over, I've learned a lot about "cloud" security in general, the difference between average-user and expert-insider views on the topic, the world geography of hacking, the economic logic and illogic of hacking, the habits that make for "unsafe" and "less unsafe" reliance on the cloud, and so on. I will go into these in greater depth later on, probably in a "real" article.
I've also heard from a broadening stream of people whose accounts have similarly been taken over. The most desperate-sounding are those who have regained control of their Gmail account after a hack, only to find that all the information they thought was eternally nestled in the cloud had disappeared. The embarrassing picture of you at a drunken party will never vanish from the internet, but your working files and correspondence might. This is a generic cloud problem rather than one specific to Gmail, but I'm hearing about it with Gmail cases. For instance:
On Monday, April 11, I woke to a call from my neighbor checking to see that I was safe and had not been mugged in Wales. The call was surprising enough, but the events that followed were devastating. I opened my gmail account a little after 7 am and I believe all my email was intact. I reported the breach and received a link to reset my password. I logged back in and all my email was missing, years of email, not only in the inbox, but the sent mail and dozens of folders of filed mail. In addition, all my contacts disappeared. My folder tree was completely intact, but every folder was empty. I spent the next hours following every piece of advice I could find on Google support and reported the missing email and contacts and requested that Google try to recover it. On April 12, after filing other reports and giving more information, I received an email saying that Google had retrieved what email it could and that "We unfortunately will not be able to respond to any further emails on this case." The email recovered dated back to February 25th and consisted of mostly email that I had actually deleted and some sent mail, a tiny portion of what was in the account.
What I've learned from this flow of information, much of which I have shoveled on to Google and asked for their response, is that there is a huge gulf between how "normal" people think about their cloud-based email records and what the professionals know. Simply put: