Cyberattack on Google Said to Hit Password System

[DaBees-Knees]

 http://www.nytimes.com/2010/04/20/technology/20google.html

Ever since Google disclosed in January that Internet intruders had stolen information from its computers, the exact nature and extent of the theft has been a closely guarded company secret. But a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications

The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said. Described publicly only once at a technical conference four years ago, the software is intended to enable users and employees to sign in with their password just once to operate a range of services.

If that's true it could have huge repercussions. 

[Forested665]

whether or not it is that system. their password system is linked with facebook and youtube. so this affects more than just google service users. especially for the thousands of people who trustfully use the same password for everything.

[GhostShip]

The facts of this attack are pretty simple although the reasons may not be, you have a password and email address same as has been the case for many many years and someone is looking to bust in by either brute forcing or bypassing the password in some manner, there is a little more to this story than that at "user" level .
Google has a system to check account  passwords are valid so its pretty useless at first sight to steal this information on its own unless their code is terribly flawed and allows for incorrect passwords to be accepted as genuine.

I,m not 100% sure what the attackers where after but its likely they simply want information on how the email data is secured in transit as this would allow their government to capture the data in real time for a "man in the middle attack", thats really all I think they are wishing to do as anything else is unlikely to be of enough value for mounting such a public attack, so forget stressing over your passwords etc just ensure you dont keep information (old emails) archived in online email repositories and dont get lazy by using the same pasword for multiple locations or services and let Google do their part in either changing the system or if its flawless trusting it to be as good as they have said it is.

You could of course use other email providers (or many email accounts ) but blind panic is best avoided when reading stories that claim the sky has fallen in or is about to.