September 8, 2011

Gmail account security in Iran

We learned last week that the compromise of a Dutch company involved with verifying the authenticity of websites could have put the Internet communications of many Iranians at risk, including their Gmail. While Google’s internal systems were not compromised, we are directly contacting possibly affected users and providing similar information below because our top priority is to protect the privacy and security of our users.

While users of the Chrome browser were protected from this threat, we advise all users in Iran to take concrete steps to secure their accounts:
  1. Change your password. You may have already been asked to change your password when you signed in to your Google Account. If not, you can change it here.
  2. Verify your account recovery options. Secondary email addresses, phone numbers, and other information can help you regain access to your account if you lose your password. Check to be sure your recovery options are correct and up to date here.
  3. Check the websites and applications that are allowed to access your account, and revoke any that are unfamiliar here.
  4. Check your Gmail settings for suspicious forwarding addresses or delegated accounts.
  5. Pay careful attention to warnings that appear in your web browser and don’t click past them.
For more ways to secure your account, you can visit If you believe your account has been compromised, you can start the recovery process here.


  1. I suggest that all user use Chrome

  2. Could you give some details on how Chrome users were protected from this attack ?

  3. Why Google don't become a Certificate Authority himself ?

  4. What makes Chrome more secure than say Firefox run in a sandbox?

    Answer is: nothing.

    Any program run in a sandbox is secure, because when you close the browser whatever is downloaded without your approval is gone forever. So this post is nonsense.
    Sandbox plus secure updated firewall, plus updated A-V: as long as it is not Symantic or McAfee, plus active scanning enabled plus a secure browser: not Internet Explorer, plus turning off remember passwords and such will make your internet experience more safe and secure.

  5. Kudos for including more stringent certificate verification for crucial sites. Perhaps automated reporting as a next step?

  6. This is very important information. Gmail account security is must. Everyone is having their personal accounts & having any type of personal information in it. These tips are useful & if there is any threat for security of accounts then everyone must follow these. Thanks for your valueable contribution.


You are welcome to contribute comments, but they should be relevant to the conversation. We reserve the right to remove off-topic remarks in the interest of keeping the conversation focused and engaging. Shameless self-promotion is well, shameless, and will get canned.