In 2016, more than 1 million Google accounts were breached by Gooligan. Malware roots infected devices and stole authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more. Gooligan is a new variant of the Android malware campaign found researchers in the SnapPea app last year.
In February 2017, A Google researcher has uncovered what may be the most worrying web leak of 2017 so far, possibly exposing passwords, private messages and other sensitive data from a vast number of sites, including major services like Uber, FitBit, and OKCupid.
However, more recently on May 3, 2017, Gmail users were targeted in a sophisticated phishing scam that was seeking to gain access to accounts through a third-party app. The emails were disguised as trusted contact and notified the individual as if they wanted to share a Google Doc with them. Once the individual clicked on the linked, they were sent to Google’s real security page where the person was prompted to allow a fake Google Docs app to manage his or her email account. Google was able to put a stop to the breach within an hour. However, over 1 million users may have been affected.
Fox-Brewster, T. (2017, February 24). Google Just Discovered A Massive Web Leak… And You Might Want To Change All Your Passwords. Retrieved May 20, 2017, from https://www.forbes.com/sites/thomasbrewster/2017/02/24/google-just-discovered-a-massive-web-leak-and-you-might-want-to-change-all-your-passwords/#4d9fc4fc3ca3
C. (2017, March 29). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved May 21, 2017, from http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/
2017 Data Breaches – The Worst Breaches, So Far. (2017, May 15). Retrieved May 20, 2017, from https://www.identityforce.com/blog/2017-data-breaches