Yesterday Google shut down all channels on its Google Talk message API, a move that I feel is pretty generous. From what I read, the decision is in response to my account being hacked recently. While the hackers may have taken power from the Google Account system and used it to log into my account, I’m wondering why Google only allows the contact verification where all the other channels are blocked: Google+ Contact, Google Talk Messenger, Gmail, Search, Google Alerts, Google Reader, All About Google, etc.
Google explains the reason for the failure in this note:
Over the last several weeks, unauthorized access to various Google channels has resulted in the suspected use of email credentials, however, due to a recent communication bot that was randomly visiting or forwarding certain channels, we have taken action to prevent unauthorized requests for contact information from future session. You’ll still be able to use the regular Google chat experience, but based on how the bot has been getting to your Google account, we have temporarily disabled the access to Google Talk to allow for more time to investigate.
In case you missed it, one of my Google accounts got suspended for a few hours because of a link I did not see on my account. Here’s Google’s statement about this from 6:27 today.
A hacker started replying to some Google channels but was not taking advantage of legitimate content. The hacker redirected all of the access to the hacker and also deleted the message storage on the hacker’s account. Today, after taking additional steps to investigate, we determined that the traffic to this channel was not associated with legitimate content and suspended access to it for monitoring. Also, we had to remove associated channels from the web for further investigation. While the hacker clearly did not access any legitimate content, we are banning access to this channel temporarily in order to conduct further analysis and evaluate the measures taken to protect our users from security risks. We will be removing these channels and making an exception for two key groups: For people using Google Connect, developers can continue using Google Talk for incoming calls from Google+ contacts. For developers, the following channels are not affected: Google AdWords, AppEngine, Intl. Contact Exchange, Native Apps, G4O, Google Marketing Services, Google Helpouts, Google P2P Video, G3 ActiveAgent, G3 DNS and G3 Furl. This action can help protect your users from accessing any information or account with known root access. Anyone with an account with a Google Account extension can suspend access to all channels.
Your Google account was not suspended this morning and the hackers did not try to access your email or access your Google profile again. If you had one or more of these channels, the issue is now over and you can continue using them.