Cross posted from the Google Security Blog
We learned last week that the compromise of a Dutch company involved with verifying the authenticity of websites could have put the Internet communications of many Iranians at risk, including their Gmail. While Google’s internal systems were not compromised, we are directly contacting possibly affected users and providing similar information below because our top priority is to protect the privacy and security of our users.
While users of the Chrome browser were protected from this threat, we advise all users in Iran to take concrete steps to secure their accounts:
- Change your password. You may have already been asked to change your password when you signed in to your Google Account. If not, you can change it here.
- Verify your account recovery options. Secondary email addresses, phone numbers, and other information can help you regain access to your account if you lose your password. Check to be sure your recovery options are correct and up to date here.
- Check the websites and applications that are allowed to access your account, and revoke any that are unfamiliar here.
- Check your Gmail settings for suspicious forwarding addresses or delegated accounts.
- Pay careful attention to warnings that appear in your web browser and don’t click past them.