Official Google Blog Gets Hacked After Message On Security

The Official Google Blog was hacked over the weekend, happening
embarrassingly after Google had just posted about how seriously it takes
security. It’s also follows a pseudo-hack earlier this year, when someone else
took over the Google Blog when the company accidentally deleted it.

The hack was covered in
various places.
Google Blogoscoped has a good
on what was initially posted (and screenshot
here), an anonymous
message saying that Google’s click-to-call project had been cancelled:

After concientiously considering, Google has decided not to continue with
Google Click-to-call project. The project has been in the media on last days
because of the notice of Google agreement with e-Bay. We finally consider
click-to-call agreement with e-Bay a monopolistic aproach that would damage
small companies in the CRM area.

It felt like a hack to many, certainly to me as well, and I
posted the
same to Google Blogoscoped:

Got to be a hack. Especially notice what’s currently tops on the Google
blog, a post all about how "Google takes security very seriously and designs
all of its services and applications to protect your privacy and data
security." This almost certainly is someone reading how "we keep the bad guys
out of our systems" and thumbing Google’s nose to show nope, they don’t.

That post from the Google Blog about security
in full:

Most readers of this blog are familiar with our
mission to organize the world’s
information and make it universally accessible and useful. Maintaining the trust
of our users and ensuring a positive experience using our products and services
is paramount to our ability to accomplish our mission. As a result, Google takes
security very seriously and designs all of its services and applications to
protect your privacy and data security.

Behind the scenes of these efforts is the Google Security Team. We keep the bad
guys out of our systems and have brought you features like

the anti-phishing extension
in Google Toolbar and

warnings about Internet malware
. As part of our commitment to security,
we’re putting up some additional help content to let users and security
researchers know how to quickly contact us on these issues.

We’ve learned that when security is done right, it’s done as a community, and
this includes everybody: the people who use Google services (thank you all!),
the software developers who make our applications, and the external security
enthusiasts who keep us on our toes. These combined efforts go a long way toward
making the Internet safer and more secure.

Please visit our new
security page
and feel free to contact us anytime at

The post is incredibly ironic given what’s now posted at the top of the blog:

A bug in Blogger enabled an unauthorized user to make a fake post on the
Google Blog last night, claiming that we’ve discontinued our AdWords
click-to-call test. The bug was fixed quickly and the post removed. As for the
click-to-call test, it is progressing on schedule, and we’re pleased with the
results thus far.

A bug, also known as a security problem. So much for that trust Google was
hoping to maintain with its users. It also happens ironically
after publicity
about Google shifting attention to improving existing projects, rather than
rolling out new ones.

Philipp Lenssen at Google Blogoscoped pointed out what a nice visual contrast
the two posts make and posted a screenshot. I couldn’t help doing the same:

Google Blog Announces It Was Hacked

In March, Google deleted its own blog accidentally, allowing someone else the
ability to claim the old Google URL and keep the blog running for a short time
outside of Google’s control.
Official Google
Blog Deleted, Blogger Registers
has more about that.

Finally, the hacked post was published by someone calling themselves Maximal.
I found a

from another Maximal on Google Groups asking for help recently with the
Google Data API.

Hi, I am making tests with Google Data API to publish my posts. The problem
is … my posts are being published into "the Honourable Dr Mantombazana
Tshabalala-Msimang South Africa’s Minister of Health" blog (I don’t have to
say I am not the minister of health of South Africa).

Any help before Honourable Minister of Health of South Africa would speak
with Interpol would be apreciated.

Perhaps related?

Related reading

Search engine results: The ten year evolution
Five ways PPC customer support can help SMBs
#GoogleDoBetter The latest on internal issues at Google and Alphabet
Google Sandbox Is it still affecting new sites in 2019