A December cyberattack on Google Inc computers hit the company’s password system that millions of people worldwide use to access almost all of the company’s Web services, The New York Times reported, citing a person with direct knowledge of the investigation.
The closely-guarded program is considered a crown jewel at Google, enabling users and employees to sign in with their password only once to operate various services including e-mail and business applications, the newspaper said in its April 20 edition.
Google did not immediately return a call seeking comment.
Code-named Gaia for the Greek goddess of the earth, and still in use under the name Single Sign-On, the program was described publicly only once at a technical conference four years ago, the newspaper said.
The intruders do not appear to have stolen passwords of Gmail users, and Google quickly started to bolster security, the newspaper said.
But the theft leaves open a possibility, perhaps faint, that the intruders may find weaknesses that Google might not know about, the newspaper said, citing independent computer experts.
Google disclosed the hacking on January 12, reporting a detection of “a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google.”
The Mountain View, California-based company said the attack appeared to target Chinese human rights activists, and that only two Gmail accounts appeared to have been accessed.
Google at the time said it would stop censoring search results on Google.cn. In March, it closed its China-based Web search service and began redirecting users to an uncensored portal in Hong Kong. That decision came amid heightened tensions between China and Washington, D.C.