Mysterious Gmail account lockouts prompt hack fears

Happened to me.

The request to re-authenticate happened to me last night. I actually rebooted my phone twice trying to determine if it was legitimately play services asking for me to re-authenticate. As best I can tell it was a "legitimate" request by Google Play services, but it has never happened before and definitely left me scratching my head...

Any follow ups/updates by El Reg are appreciated!

35
0

Re: Happened to me.

Huh... Yeah, I was prompted to re-authenticate as well... But I'm still logged into my Google account.

Any actual reason to worry?

5
0

Re: Happened to me.

Same here, although after a reboot I've not been prompted again

4
0
Silver badge

Re: Happened to me.

Me too, with Google Apps for Business. Despite successfully logging on via the web interface, a reboot of the phone wasn't enough to get me back in there - had to resubmit login credentials (which I was postponing until the issue had been acknowledged).

5
0
Bronze badge

Re: Happened to me.

Same here, on one of my accounts.

0
0
Silver badge

Re: Happened to me.

Same here this morning, and this is for my phone and I practically NEVER use that gmail account for anything else. Certainly not in the last few months.

Just wondering - are they migrating password hash algorithms and this is a route from SHA-1 to SHA-256 or similar?

4
0
Silver badge
Black Helicopters

Periodic Timeout? Re: Happened to me.

I've had to re-log-in a fair few times on my mobile - I had thought it was due to me logging in to gmail on the PC without closing the app on the phone (yes, old habits die hard), or because it had magically turned itself off* and at other times I thought it was due to my insistence on disabling lots of services and overdoing it.

First time got a WTF and clear-all and confirmation of what was demanding the re-log-in, now the WTF is just FFS instead. But lots of other people at the same time? Definitely something hinky going on, the usual cause is the government installing another black box somewhere.

* by cleverly using up the battery by doing Unknown Things and switching H/H+ every few seconds because that's really important while the phone is just sitting there, seems to depend on what had been running, even if all cached apps are cleared, obviously my mind was harder to control at those times...

1
0

Re: Happened to me.

Same here, but only with one of my accounts.

0
0
TRT
Silver badge

Re: Happened to me.

Me too on all my Apple and Pc devices. That's lots. Thought it was associated with my work Mac crashing but evidently not.

0
0

Same here and on 2 of my devices at exactly the same time.

4
0
Coat

"A substantial number of Gmail users"

How are we quantifying a number of substance in these times of post-truth pre modern Brexit wotnot?

14
0
Silver badge

Re: "A substantial number of Gmail users"

Since Google is in the States, that has to be "pre/post truth, alternate facts, fake news".

4
0
Silver badge

2 google accounts 2 devices. One asked for reauthentication the other not.

5
0
Anonymous Coward

Dammit, people! Now I have to check mine... same here, but both mine worked fine. 2 accounts, neither ask for new auth on the iDevice, will check from the S4 later. It stays home and only does Kodi now.

"While we've been waiting for a response, we've canvassed security folks through Twitter, two of whom have said they've been asked to reauthenticate themselves and log back into their Google accounts."

Sod that! What kind of bread products are in the break room?! It's Friday. There should be some kind of donut, doughnut, danish, great Dane, scones, bagels, toast, crumpets, tea cakes, regular cakes, muffins, biscuits the hard ones, cronuts, bagumpets, biscuits but different ones more like soft cookie-cakes, and a cheese bramble. And wash it all down with lashings of piping hot screwdriver!

You know that your G-account should tattle-tale any bad logins too, in case that was the cause of the reauth. It's a mystery.

0
2

Same here....

I have four Google accounts (I know, I know...) one of which has two-factor authentication enabled. The other 3 are more "throw away" and don't have that enabled. The three without two-factor authentication were the ones asked to re-sign in.

6
0
Silver badge

Re: Same here....

Yep, got locked out on one account with a "command not recognized" error on Thunderbird logging in via imap with Oauth2.0. An older computer that I hadn't used in a year or so and hadn't set Oauth wasn't allowed to log in to that account as well. I got imap mail back about 9 am (PST) Friday morning but still can't get in with a browser or other devices since it won't recognize responses to security questions and the recovery email address is long gone and I'd forgotten to update it. I guess I'll be transitioning off that account to a new one.

1
0
Anonymous Coward

Weird.

Same here, noticed it on chrome browser (sync error, please sign in) and a nexus7, but not on nexus5x or other android tablet.

Cleared the browser sync by logging back in (2-factor with mobile) but nexus7 would not have it, stuck for an hour. Also, chrome browser could not reach gmail server for 30 minutes, but the android phone could.

No notification on google security status, no other log-ins, five different google accounts but only one affected, very weird.

Changing security details tonight.

4
0
Silver badge

Re: Weird.

It'd be interesting to know which versions of Android are affected. My Android 5.0 mobe hasn't had any issues.

4
0

Re: Weird.

Latest version of Android here - but had just been notified that GoogleMail app had updated so, having checked it was legit, I logged back in and it was all fine, believing it was just down to the app updating.

It was a little worrying, though - but Google seem to take security seriously and I normally get separate notifications if there are any changes to the account (the message simply said that due to a change, I'd been logged out for security reasons and needed to log back in).

0
0
Silver badge

Happened on my edu account

Woke up this morning to find my email address through my school required re-authentication. They had just migrated over to Google for hosting email.

Although looking at what happened, I think it's that their infrastructure fell over and lost a large number of authentication data, so devices would have to re-create tokens.

4
0

Also happened to me

Happened on my phone 2 days ago. Logged in, seemed fine. Then I saw this article and logged in on my home PC. Immediately got an alert on my phone that a new device had logged into my account. I checked my device list and found only my phone and home PC, which is a couple devices short of the normal list.

Looks like they lost the list of devices that I have used to access my account.

5
0

Checked in to my Gmail account on laptop (thru VPN) - used two-factor authentication and accessed as normal. Also accessed emails via Thunderbird (thru VPN), and no problems.

Looking at some of the Gmail forum threads it seems there may be some link to Apple accounts....but it's all very vague, and Google don't seem to be helping out with facts at the moment.

1
0
Bronze badge

The one I had to reauthenticate is linked to an Android phone. The one I didn't is used on iDevices.

0
0

Happened in spectacular fashion to me. My computer died. Had to do a restore. Also a mouse was fried along with a new 2 TB drive. When I try to restore my account Google eventually tells me it does not exist.

1
2

There was some discussion about this possibly being related to Cloudbleed too but comment 24 in https://bugs.chromium.org/p/project-zero/issues/detail?id=1139 says definitely not.

0
0
Anonymous Coward

I can't log in at all !

.. but I am pretty sure of the cause.

I don't actually have a Google account.

15
3

Me too.

I got re-authorisation requests for both of the Google accounts that I have connected to my Nexus 5 yesterday.

I did find it strange as I hadn't changed anything and also hadn't seen any of the usual 'was that you?' alerts that turn up every time I access either of the accounts from an IP address that isn't associated with me by Google.

It sounds more like an inadvertent thing rather than anything suspicious. After all, the powers that be can already read everything that we do on Google and a global hack of Google accounts by other actors would seem unlikely.

3
0
Bronze badge

Me Too...

No spam or phishing shit and also happened yonks ago a couple of times, so IMO not new, sick of doing it on multiple accounts BTW, IDK.

0
0

Request to log back in on phone only - Pixel XL

I was logged in on 3 devices and received a re-authorization request on my phone only. Updated PW immediately and checked for suspicious outbound emails, none found.

0
0
Anonymous Coward

Yup

here as well 2 days ago... 2 accounts, 2 phone, 2 laptops.... don't have Apple.... so guessing that's not it.......

1
0
Silver badge

"very security conscious"

"IT professional who got locked out of his Gmail account"

"very security conscious" and using a gmail account?

Pull the other one.

13
5

Re: "very security conscious"

Was thinking along the same lines but giving him the benefit of the doubt. Surely that is not his primary email account.

You can't use Google Webmaster Tools and some of their other services without a Google account. So we are pretty much forced to have a Gmail account. Putting anything else into it of importance is lazy, but there is no real choice in the matter if you use their services for yourself or on behalf of your clients.

5
0
Bronze badge
FAIL

Re: "very security conscious"

Google had already mentioned authentication outages on the service blog.

Given the only effect from all the "hacks" (LOL, what a tool) is a lot of people being signed out, isn't it far more likely this is just the previously mentioned auth outages?

2
1
Anonymous Coward

Re: "very security conscious"

"very security conscious" and using a gmail account?

What's wrong with that? Google have a pretty spectacular security record (in the good sense), and are undoubtedly doing a better job than pretty much everyone else out there.

If you can't see this, then you are frankly an idiot.

6
0
Silver badge

Re: "very security conscious"

"very security conscious" and using a gmail account?

What's wrong with that? Google have a pretty spectacular security record (in the good sense), and are undoubtedly doing a better job than pretty much everyone else out there.

Have you looked at their "privacy" policy or their T&C's? You might find that google claim a lot of rights to the data you put on their servers, and deny you all.

Was going to use G+ along with FB et al for a business venture. Reading the T&C however, you give them rights to use any data you put on there for their purposes including selling and making derivative works, and that is a perpetual license too. FB are actually the decent ones here, they only claim the rights to publish any data you make public.

I do use gmail and I haven't read their T&C recently, but seeing what they do with G+ you'd be a fool to use it for business stuff - you give them ownership of your logo and any other data you place on there.

1
1
Anonymous Coward

Re: "very security conscious"

I think you just made that horseshit up.

https://www.google.com/policies/privacy/

The word derivative isn't there.... So please tell us exactly where you came to this conclusion.

0
0
Anonymous Coward

Re: "very security conscious"

" FB are actually the decent ones here"

Are you really sure FB and decent should be used together like this? Or ever?

You might find they hid the bit where you agree to them owning all your data and can use it as they please?

I also doubt Google can claim ownership over your business logo, especially as such logos are often registered trade marks and transfer of ownership tends to involve lawyers and fees...

0
0

Same with me.

0
0

G talk about it here

https://support.google.com/wifi/answer/7335595

glitch in account auth engine

1
5
Anonymous Coward

Curious, I'm sure this article was related to GMail, not G-WIFI!

1
0
Silver badge

's kinda weird.

GMail ain't my primary mail account (I run my own mail server) but it's useful to have it linked to my phone. This morning I got a notification on the phone saying 'something has changed you have to sign in'. So I signed in..and that was that.

No explanation of what had changed and no further comment from GMail.

This article prompted me to check using my laptop and it got straight on using its login cookie so..um?

Good job I don't use it for anything important :-/

3
0
Anonymous Coward

And these are the guys

that want their code to drive your car for you.

8
2
Silver badge

Re: And these are the guys

No problem, just walk the 20 miles back home and get the OTHER phone you added to the account and authenticate your credentials on that, then simply walk back to the car and it should be unlocked for you.

0
0

Happened about 2 weeks ago on my Android phone. No problems on my IPAD...

There's no way I'm going to "re authenticate". When I get the chance, I'm going to wipe the phone and go from there.

I don't trust the security in Android.

I think it happened after an OS update pushed from my ISP, but I'm not typing in any passwords to be safe. I bet this all will get tracked back to the ISPs.

I only use the Android as a phone and as a backup way to get emails, so no important data, no rush.

0
0

Thought this was odd. Happened to me too. Tried to change password via mobile but Google didn't like it. Managed to change it via desktop. Then logged in with new PW on mobile and Google message went away.

Maybe it has something to do with a recent Android update?

0
0
Silver badge

"Maybe it has something to do with a recent Android update?"

I wish! I can't remember when my phone provider last pushed an update out, despite there being updates created by Google.

2
0

Not a system update but Android Google app / services updates. I got a recent BlackBerry security update but it caused no problems. Android Messenger was updated, again, today. I don't use it.

1
0

Happened Again!

Have just got another message this evening on my Android mobile telling me my password needs updating. Weird, as have just done it via laptop.

I also got a mail from the big G telling me about, my, password update!

What's up?

0
0
Silver badge

Something strange is going on

While not locked out, I've had some strange things happening as well.

0
0
Anonymous Coward

Re: Something strange is going on

Trump...?

1
1
