Oct
More password news and advice

Hotmail users aren’t the only ones who’ve been hit by a phishing scheme over the past week. Google told BBC News on Tuesday that Gmail users have also been affected by the hackers who posted passwords online.
The problem is far more widespread than was disclosed on Monday, possibly affecting Yahoo and AOL e-mail accounts as well, according to BBC News.
Google described the issue as an “industrywide phishing scheme.” BBC News said it has seen two lists posted online with “more than 30,000 names and passwords” from Gmail, Yahoo, AOL, Microsoft’s Windows Live Hotmail, and other service providers.
The representative said that Google immediately “forced password resets on the affected accounts.”
In an e-mail to CNET, a Google representative said that the company had to reset the passwords on fewer than 500 Gmail accounts so far. However, that figure could change.
Despite Google’s and Microsoft’s awareness of the problem, it doesn’t seem that users are out of the woods just yet. Google’s representative told CNET that it will continue to force password resets on any newly affected user accounts.
Like Microsoft, Google was quick to point out to the BBC that the phishing scheme was a “scam to get users to give away their personal information to hackers” and not an internal security issue. It didn’t say how users fell victim to the scheme. (Source-cnet.com)
With all these phishing attacks hitting the major players in the world of email, Google is offering their own suggestions on what users can do to improve their passwords.
Creating a new password is often one of the first recommendations you hear when trouble occurs. Even a great password can’t keep you from being scammed, but setting one that’s memorable for you and that’s hard for others to guess is a smart security practice since weak passwords can be easily guessed. Below are a few common problems we’ve seen in the past and suggestions for making your passwords stronger.
Problem 1: Re-using passwords across websites
With a constantly growing list of services that require a password (email, online banking, social networking, and shopping websites — just to name a few), it’s no wonder that many people simply use the same password across a variety of accounts. This is risky: if someone figures out your password for one service, that person could potentially gain access to your private email, address information, and even your money.
Solution 1: Use unique passwords
It’s a good idea to use unique passwords for your accounts, especially important accounts like email and online banking. When you create a password for a site, you might think of a phrase you associate with the site and use an abbreviation or variation of that phrase as your password — just don’t use the actual words of the site. If it’s a long phrase, you can take the first letter of each word. To make this word or phrase more secure, try making some letters uppercase, and swap out some letters with numbers or symbols. As an example, the phrase for your banking website could be “How much money do I have?” and the password could be “#m$d1H4ve?” (Note: since we’re using them here, please don’t adopt any of the example passwords in this post for yourself.)
Problem 2: Using common passwords or words found in the dictionary
Common passwords include simple words or phrases like “password” or “letmein,” keyboard patterns such as “qwerty” or “qazwsx,” or sequential patterns such as “abcd1234.” Using a simple password or any word you can find in the dictionary makes it easier for a would-be hijacker to gain access to your personal information.
Solution 2: Use a password with a mix of letters, numbers, and symbols
There are only 26^8 possible permutations for an 8-character password that uses just lowercase letters, while there are 94^8 possible permutations for an 8-character password that uses a combination of mixed-case letters, numbers, and symbols. That’s over 6 quadrillion more possible variations for a mixed password, which makes it that much harder for anyone to guess or crack.
Problem 3: Using passwords based on personal data
We all share information about ourselves with our friends and coworkers. The names of your spouse, children, or pets aren’t usually all that secret, so it doesn’t make sense to use them as your passwords. You should also stay away from birth dates, phone numbers, or addresses.
Solution 3: Create a password that’s hard for others to guess
Choose a combination of letters, numbers, or symbols to create a unique password that’s unrelated to your personal information. Or, select a random word or phrase, and insert letters and numbers into the beginning, middle, and end to make it extra difficult to guess (such as “sPo0kyh@ll0w3En”).
Problem 4: Writing down your password and storing it in an unsecured place
Some of us have enough online accounts that we may need to write our passwords down somewhere, at least until we’ve learned them well.
Solution 4: Keep your password reminders in a secret place that isn’t easily visible
Don’t leave notes with your passwords to various sites on your computer or desk. People who walk by can easily steal this information and use it to compromise your account. Also, if you decide to save your passwords in a file on your computer, create a unique name for the file so people don’t know what’s inside. Avoid naming the file “my passwords” or something else obvious.
Problem 5: Recalling your password
When choosing smart passwords like these, it can often be more difficult to remember your password when you try to sign in to a site you haven’t visited in a while. To get around this problem, many websites will offer you the option to either send a password-reset link to your email address or answer a security question.
Solution 5: Make sure your password recovery options are up-to-date and secure
You should always make sure you have an up-to-date email address on file for each account you have, so that if you need to send a password reset email it goes to the right place.
Many websites will ask you to choose a question to verify your identity if you ever forget your password. If you’re able to create your own question, try to come up with a question that has an answer only you would know. The answer shouldn’t be something that someone can guess by scanning information you’ve posted online in social networking profiles, blogs, and other places.
If you’re asked to choose a question from a list of options, such as the city where you were born, you should be aware that these questions are likely to be less secure. Try to find a way to make your answer unique — you can do this by using some of the tips above, or by creating a convention where you always add a symbol after the 2nd character in the answer (e.g. in@dianapolis) — so that even if someone guesses the answer, they won’t know how to enter it properly. (Source-The Official Gmail Blog)
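The checks described under Problems 2 and 3 can be applied automatically when a password is set. The following is an added example, not code from the Gmail blog or from Google: the function names, the tiny deny-list (taken from the weak passwords quoted above), the symbol-swap table, and the use of 94^8 as the minimum keyspace are all assumptions made for illustration.

```python
import math
import string

# Weak choices named in the post; a real deployment would load a far larger list.
COMMON = {"password", "letmein", "qwerty", "qazwsx", "abcd1234"}
# Undo obvious symbol-for-letter swaps so "P@ssw0rd" is still recognised.
UNLEET = str.maketrans("@4031$5!7", "aaoeissit")
# Benchmark from the post: 8 characters drawn from all 94 printable symbols.
MIN_BITS = 8 * math.log2(94)


def charset_size(pw):
    """Alphabet size implied by the character classes that appear in pw."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)  # 26 + 26 + 10 + 32 = 94
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def keyspace_bits(pw):
    """log2 of charset_size ** length: an upper bound on guessing effort."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def has_sequence(pw, run=4):
    """True if pw holds `run` consecutive ascending characters (abcd, 1234)."""
    s = pw.lower()
    return any(all(ord(s[j + 1]) - ord(s[j]) == 1 for j in range(i, i + run - 1))
               for i in range(len(s) - run + 1))


def audit(pw, personal=()):
    """Return the list of problems found; an empty list means none detected."""
    lowered = pw.lower()
    plain = lowered.translate(UNLEET)
    findings = []
    if lowered in COMMON or plain in COMMON:
        findings.append("common password")
    if has_sequence(pw):
        findings.append("sequential pattern")
    if any(len(t) >= 3 and (t.lower() in lowered or t.lower() in plain)
           for t in personal):
        findings.append("contains personal data")
    if keyspace_bits(pw) < MIN_BITS:
        findings.append("keyspace below 94^8")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs; "Rex" and "2009" stand in for a pet name and a year.
    for pw, info in [("password", ()), ("P@ssw0rd", ()), ("R3x2009!", ("Rex", "2009"))]:
        print(pw, audit(pw, info))
```

Note that “P@ssw0rd” reaches the full 94-symbol keyspace yet is still flagged as common: the character mix from Solution 2 only helps when the underlying word is not on a guessing list.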




