Submission + - Google confirms, downplays Gmail phishing attack (computerworld.com)
CWmike writes: Google confirmed today that passwords for its free Gmail online e-mail service had been harvested by hackers, but downplayed the phishing attack as involving just a "small number" of accounts. Earlier Tuesday, the BBC reported that both Gmail and Yahoo Mail had been targeted by a large-scale identity theft scam, perhaps the same one that collected between 10,000 and 20,000 passwords from those services as well as from Microsoft's Windows Live Hotmail, Comcast, Earthlink and others. "We recently became aware of a phishing scheme through which hackers gained user credentials for Web-based mail accounts including a small number of Gmail accounts," a Google spokesman confirmed today in a reply to questions from Computerworld. "As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts if we become aware of them." Like Microsoft on Monday, Google today denied that Gmail had been hacked, and Gmail usernames and passwords stolen because of a lapse on its end. "This was not a Gmail security issue, but rather a phishing scheme," said the Google spokesman.