The cyberattack on Google that prompted it to exit China may have compromised its system of password control, the New York Times has reported.
The system manages access by millions of users worldwide to almost all of the company’s web services, including email and business applications, the Times said, quoting a source close to the company’s internal investigation.
As a result of the attack, “the intruders may find weaknesses that Google might not even be aware of.”
The attackers targeted Google’s Gaia program, one of the search firm’s most important and sensitive pieces of software, which has been described publicly only once. It enables users to sign in with their password just once to operate multiple Google services.
The two-day attack on the company last December began when hackers sent a message to a Google China employee using Microsoft’s Messenger program.
“By clicking on a link and connecting to a ‘poisoned’ web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer and then to the computers of a critical group of software developers at Google’s headquarters,” the report said.
“Ultimately, the intruders were able to gain control of a software repository used by the development team.”
Google has not revealed any details of the breach, but it has said the sophisticated attack was on of the prime reasons for its decision to abandon the mainland China search market.