Google Gmail Users Get Alert if Accounts Compromised

Google has added a new feature to Gmail to alert users to suspicious activity and advise them their accounts may have been hijacked.

Google is adding a new alert system to Gmail to warn users if their account may have been compromised.

The feature is being rolled out today and is meant to offer users an additional layer of protection for Gmail users via an automated system that flags suspicious activity and generates a red alert.

"It will be a sort of a bright red message that will say 'warning (we believe) your account was recently accessed from' and then a geographic location and a button to click to see recent accesses of the account with information about them like...what was the IP it came from, when did it happen, where in the world do we think they were from (and) highlighting in red the ones that were bad or suspicious to us," explained Will Cathcart, product manager at Google, in an interview with eWEEK.

The alert system builds on Google's decision in 2008 to provide users with information about their account activity, such as the IP addresses of logins and the time of day the account was accessed. These factors and others will now be used as the basis to determine whether unauthorized access could be taking place and the legitimate user should be notified.

"While we don't have the capability to determine the specific location from which an account is accessed, a login appearing to come from one country and occurring a few hours after a login from another country may trigger an alert," blogged Google Engineering Director Pavni Diwanji.

To ensure an attacker doesn't simply delete the message, Cathcart said Google has set the system up so that only the legitimate owner of the account receives the alert and any attempt to turn the alert off takes seven days to go into effect.

"Part of the alert is to push the user to articles about what we recommend they do, concrete steps they can take, including things we would encourage them not to do next time - don't use your (same) password on other sites, make sure to check your computer for malware, those kinds of things," he said.

The decision by Google follows a move earlier this year to turn on HTTPS by default for Gmail users, as well as the high-profile Aurora attack in which the company said hackers tried to gain access to the Gmail accounts of Chinese human rights activists.