Google said to retool user security in wake of political hacks

2017-09-30 13:40 - Mark Gurman and Mark Bergen, Bloomberg
Post a comment 0

Google’s headquarters in Mountain View. (Marcio Jose Sanchez, AP, File)

RELATED ARTICLES

San Francisco - Google is preparing to upgrade its security tools for online accounts to better insulate users from cyberattacks and politically motivated hacks, according to two people familiar with the company’s plan.

The Alphabet company will begin offering a service called the Advanced Protection Program in October, that places a collection of features onto accounts such as email, including a new block on third-party applications from accessing data.

The program would also effectively replace the need to use two-factor authentication to protect accounts with a pair of physical security keys. The company plans to market the product to corporate executives, politicians and others with heightened security concerns, these people said.

Podesta hack 

The Gmail messages of John Podesta, Hillary Clinton’s 2016 campaign chairperson, were famously hacked last year, along with the databases of the Democratic National Committee. Podesta met with the House Intelligence Committee in June to discuss the hack.

Google released software in 2014 for a USB Security Key, a device designed to improve existing security measures, like two-factor authentication. Two-factor authentication involves using a second code or password, for example, to log onto email.

When plugged into computers, the key lets users create more robust security measures for accounts on Gmail and other Google sites. The new service will continue to require a physical USB key in addition to a second physical key for greater protection.

The new service will block all third-party programs from accessing a user’s emails or files stored on Google Drive, said the people, who asked not to be identified because the product isn’t yet public. The program will be updated with new features to protect user data on an on-going basis.

A Google spokesman declined to comment.

Over the past year, Google has refurbished its account security systems several times. The upgrades come as the company pitches its Gmail and document apps to business clients.

In February, Google added additional controls against phishing attacks for enterprise clients. Since 2012, Google has sent warnings to users when they are potentially targets of state-sponsored attacks. The company wrote a blog post on the topic earlier this year after a number of reporters received the warning.


SUBSCRIBE FOR FREE UPDATE: Get Fin24's top morning business news and opinions in your inbox.

Read Fin24's top stories trending on Twitter: