
Gmail – some users being signed out of their accounts unexpectedly - uladzislau
https://support.google.com/accounts/answer/1187538
======
aub3bhat
Can confirm this happened to me this afternoon on my android. Went into a full
panic mode. I refused to type passwords since I was worried it might have been
another app imitating Google and I had no recollection of any action that
would have required me to sign in again. I made sure that my password was
correct on my laptop browser to ensure that I had not fallen for an account
compromise. Eventually restarted the phone, ran lookout security app and then
typed it on smartphone.

~~~
JorgeGT
> I refused to type passwords since I was worried it might have been another
> app imitating Google and I had no recollection of any action that would have
> required me to sign in again

Same for me! So follow-up question, how do we know if an android app is the
real deal? I opened the app switcher and it certainly said "Google Play
Services" on top of the window asking for my password, and had the correct
logo, but could another app present itself in the same way?

~~~
Aaargh20318
> how do we know if an android app is the real deal?

You don't.

Not that it really matters, if you care about security you shouldn't be using
Android in the first place.

~~~
JorgeGT
Don't let the perfect be the enemy of good. Or in other words, I try to adjust
my opsec/persec to a realistic threat model, not to my worst dystopian
nightmares.

~~~
Aaargh20318
This is not about dystopian nightmares, this is about an OS where it's
exceptional to EVER get an update, let alone get it in time.

If you go out to a shop and buy 100 Android phones, at least 99 will be
running outdated OS versions with known security issues and no updates
available.

~~~
tripzilch
But why aren't these Android phones getting hacked left and right, everywhere?
Any idea?

Where I am (the Netherlands), Android is way more popular than iOS--I'm not
attaching value judgement to popularity or otherwise, nor am I particularly
doubtful of your claim that the average (cheap) Android phone is running an
outdated version.

But if that's the case then what is going on?

Are they not juicy targets for hackers? (tons of personal information, botnet
possibilities, seems valuable to me)

Or are they in fact being hacked quietly and we're not hearing much about it?
Is everyone's cheap phone already part of a botnet and nobody realizes?

Is it perhaps that the exploits require physical proximity that hackers don't
deem worth the risk?

------
a1r
Update from Google status page:

We're still actively working to resolve issues with Identity/Authentication.
Future updates will follow when there is significant progress to report.

To summarize; some long-lived OAuth tokens have inadvertently been
invalidated. This may affect the following Cloud services and will manifest as
authentication errors:

Cloud APIs using OAuth tokens, and related services that use them

gcloud SDK

Cloud Storage gsutil

Cloud Dataflow

Note: not all customers are affected by this.

OAuth tokens may be recreated by running the following commands:

$ gcloud auth application-default login

$ gcloud auth login

[https://status.cloud.google.com/](https://status.cloud.google.com/)

~~~
bm98
It's odd that the status pasted in the parent has disappeared from
[https://status.cloud.google.com/](https://status.cloud.google.com/) , as the
page seems to be designed to keep event history - but it's not in the history.
I can still find it in Google's own cache, though - in the snapshot of the
page as it appeared on Feb 24, 2017 11:19:38 GMT.

------
jobeirne
Actually ended up wiping my phone because this coincided with a weird set of
text attachments I got from someone who didn't knowingly send them. At that
point I wasn't sure that my phone wasn't being keylogged, so I wiped to be on
the safe side.

~~~
mrb
As an InfoSec guy, I confirm you did the right thing. Better be safe than
sorry!

------
folli
OT: they mention that they've "gotten reports about some users being signed
out of their accounts unexpectedly". I'm wondering how they get any such
reports since it's almost virtually impossible to contact anyone at Google.

~~~
Malice
It happened to google employees too (my guess).

------
robgolding
We noticed this affecting tens of thousands of users on Zapier last night,
causing us to wonder if we'd shipped a critical bug. Zaps using Google apps
are still paused[0] while we wait it out.

[0] [https://status.zapier.com/](https://status.zapier.com/)

~~~
ryanmaynard
Anecdotal, but I know of roughly two dozen users that are not using Zapier in
any way that were also affected by this.

------
pagade
Got a pop up on my mobile. How to check the pop up was not impersonated by a
different app?

~~~
mook
On some versions of android if you long press on the popup it will show you
which app it's from. This obviously doesn't work for not-android and older
versions, though.

------
MaggieL
I had this issue too. I'm already on two-factor with Authenticator, so it
wasn't a big deal. Since nothing had changed with my account, and the device
history looked proper, I assumed it was a token expiration deal. Which is what
it turns out to be. Good to know that was the problem.

------
corecoder
The nicest thing about this affair is that Google Play Services kept popping
out every few seconds asking me to enter the password while I was driving
(using Waze).

Is it that whatever the issue that caused all this kept happening again and
again every few seconds, or is it that once Google Play Services determines
you have to login back, it intentionally nags you making your mobile hard to
use?

------
prplhaz4
No surprise that I've only heard about this by reading it on HN, despite the
fact that I had this problem yesterday. I consider it an operational failure
when customers are the first ones to identify issues, double fail when they
are not proactively made aware of issues that WILL affect them.

Like others, I also had a moment of extreme panic where I thought something
had been compromised, as it also seems to have coincided with an issue where
Google Voice SMSes (2FA) were not going through.

------
antoineaugusti
Happened to my work account and my personal. Got a scary notification on my
phone telling that "Something changed on my phone and I need to login again"

------
mynewtb
So Google does not know the reason but tells us to stay calm? I was and am
creeped out majorly by this.

~~~
gpawl
Better than telling you to panic, right?

~~~
amelius
Well even if there is no immediate danger, still it "proves" that Google has
problems controlling its security and/or software engineering process.

------
dantiberian
I assumed this was a reset from Google due to the Cloudflare stuff, but seems
like it wasn't?

~~~
6nf
I would be surprised if Gmail sent any tokens or credentials via Cloudflare

~~~
dawnerd
Fear might be shared email/passwords since that's really common.

~~~
wapz
What's the fear? Aren't all passwords encrypted on the server side?

~~~
pshc
But if an in-transit plaintext password is leaked by CloudFlare, server-side
encryption is irrelevant.

(... that said, it's not like revoking sessions would impede a
password-holding adversary...)

~~~
amatriain
It would for users that have 2FA enabled.

------
ryanobjc
Happened to me on mobile and work. And my @google account - we truly are
dogfooding :-)

~~~
uladzislau
Is it connected to Cloudflare incident?

~~~
polishTar
No. Just coincidental timing.

[https://bugs.chromium.org/p/project-zero/issues/detail?id=11...](https://bugs.chromium.org/p/project-zero/issues/detail?id=1139#c25)

Gmail doesn't use cloudflare.

------
Sami_Lehtinen
Title is misleading - I wouldn't say Gmail. It's disinformation. It's generic
Google Account issue. I got logged out from my Android device suddenly.
Logging in a few hours later worked out just well.

------
zaggynl
[https://myactivity.google.com/myactivity](https://myactivity.google.com/myactivity)

>10:44

>Visited Sign in using backup codes - Accounts Help

I don't recall signing in using backup codes..

Nothing odd appears in
[https://myaccount.google.com/notifications?pli%3D1](https://myaccount.google.com/notifications?pli%3D1)

~~~
gingerchris
That's the page linked from this post, not an actual sign in

------
lstamour
Related - OnHub & Google Wifi devices reset due to Google Accounts bug:
[https://productforums.google.com/forum/m/#!topic/googlewifi/...](https://productforums.google.com/forum/m/#!topic/googlewifi/38Q-v9lBDRg)

------
fulafel
A lot of people probably left with accounts created for their Android phones
and no idea what their password is.

------
Freestyler_3
Happened to me too, pain to log back in on google play (not allowed to paste
password in)

It initially gave me a message that something had changed and I needed to log
in again, I can't remember if that was on outlook (yes, I use outlook to get
my gmail) or on google play.

~~~
ben174
> not allowed to paste password in

This kills me oh so very much.

~~~
Sunset
AutoHotKey

~~~
Freestyler_3
Is that something for phone or computer? Because I was talking about my phone.

Would prefer if keepass2android had some autotype feature built in for android
:D

~~~
vanous
It has. Don't use clipboard to propagate the password but use
keepass2android's keyboard.

------
shade23
This happened to me too. And having 2FA enabled makes it a pain when you are
logged out of _all_ your devices. I checked my usage history but could not
find anything. And this article really does not explain why.

~~~
pavanky
I got logged out from multiple accounts on multiple devices. Today is being a
pain :(

------
amingilani
Happened on my phone and my Mac. I thought it was odd but wrote it off to a
developer having programmed a computer to be stupid somewhere. Turns out I was
right.

------
nottorp
Incidentally, recovering a google account password from a phone, when you have
access to said phone but haven't given them the phone number, doesn't work. I
kept being told that google will send a token to the phone, and got a dialog
saying 'do you want to log in?', I pressed yes, and nothing good happened.

Fortunately it was a test phone with a throwaway google account - otherwise
I'd have known the password.

~~~
thenickdude
I suspect that their phone recovery service's capacity is overloaded right now
with everybody else trying the same thing.

------
cdr
I wonder whether this is why every Google router (OnHub, Wifi) on Earth shut
down about 2PM PST yesterday and requires a factory reset to get running
again.

[https://productforums.google.com/forum/#!topic/googlewifi/38...](https://productforums.google.com/forum/#!topic/googlewifi/38Q-v9lBDRg)

------
johndoe4589
I was booted off YouTube streaming on my AppleTV. Then my main account
disappeared from iOS GMail app, even though a secondary GMail account was
still there.

Was afraid my account was hacked. My GMail password is unique and quite long
compared to my other pw so I doubt someone could find it.

I added the account again on the iOS GMail app and then signed in YouTube and
it was back to normal... hmm.

------
simplehuman
At google's scale, it seems "some" === 10 million :-)

------
jasonkostempski
This happened to my Android phone yesterday while I happened to be going
around updating my passwords all over the Internet because the ones where I
had used the same one were getting attacked left and right over the past few
weeks. I never used that password for Google but I thought just maybe there
was a forgotten access point to my account where I had. It sent me into quite
a panic for 10 minutes or so. Needless to say, I'm now using a password
manager for everything, even on sites where I wouldn't normally care if
someone got in.

------
rcarmo
Happened on both my Macs roughly 12h ago, on two out of three accounts. Had
2FA configured for Google Authenticator, so took the time to refresh the OTP
and bind it to 1Password instead.

------
chmars
Same here … I have a few Google accounts and on most devices, I was logged out
(and I use the same Google account usually more than once on a device, so
today is going to be busy!).

------
GFischer
This happened to me. Since I've had my Google account breached once (and my
mother had an awful experience), I have 2FA enabled... but the text messages
weren't arriving (I guess Google was swamped or something).

I fortunately had the ten backup codes.

I'm really happy to hear it wasn't another attack on my account. It also
reminds me that Google can be unresponsive :( and how much I depend on them
(both my Gmail and my Android were warning me)

------
kriro
Only happened on my phone, not desktop/laptop. Haven't logged in as it could
be some sort of attack. Any updates/info? Is a phone wipe in order?

------
dba7dba
Happened to all my email accounts I have on my Android phone. I thought this
was a planned, intentional change by Google and so I logged in with 2FA...

------
crisopolis
When this happened to me on my mobile; I had to dig up the password from my
password manager. Then it asked me to NFC/tap my physical security key
(YubiKey). Then the screen disappeared and all was well.

I've never seen that flow before with the security key; usually it's the
SMS/GAuthenticator.

Still haven't fixed my email clients on my Mac, lol.

------
throwaway29292
Definitely a wild weekend for InfoSec everywhere.

------
uladzislau
I actually thought that some sort of phishing attack is going on because my old
password didn't work and I have to reset it.

------
asdz
Happened to me too this morning, all my devices (mobile, laptop, desktop) all
signed out :S I thought something fishy was going on.

------
drazvan
On my wife's iPhone, it asked her to enter her password again and the weird
thing is that it now shows as a new device, called "iPhone" instead of
"Cristina's iPhone" as it was before. A few hours later it happened on my
Galaxy S7 as well but re-entering passwords fixed it.

------
Nomentatus
I don't believe I'll be signing in again on my Android tablet. I've installed
the apps I want, and being signed in is an extra risk, so I'll just curse
Google every day for making me work around their begging me to sign in again,
instead.

------
omegote
Same happened to me last night, but only on my phone. It said something "had
changed" in my account wtf.

------
brewdad
I had this hit me today. It happened right after I had disconnected from a VPN
connection and connected directly to the internet. I assumed it was caused by
a sudden change in "location". I guess not. I use 2FA, so I'm assuming I'll be
ok. Maybe I should change my password.

------
Jordrok
Also had this happen to me and had my parents call me asking about it. A few
warning bells did go off in my head, but as far as I could tell it all looked
legit. Kind of disturbed by the lack of communication by Google though, since
it seems to be affecting so many people.

------
joaodlf
I had this happen on two of my devices: Android Phone and laptop (macbook).

Seeing as it happened on two different devices, I have little reason to
believe it's some sort of Android Malware. Attempting to login with my old
password on incognito is a success.

Compromise or not, I recommend changing passwords.

------
FabianBeiner
This happened to me also. And: All the apps I used to authenticate, are gone
(eg. IFTTT, Unroll.me, …).

------
j_s
I first thought that this was because I hadn't yet accepted the new-ish ToS
after they decided to cross-reference history for ads a few months ago...
signing back in popped up another 'agree to ToS' as part of the process.

------
murrayb
Yep, happened on both my Android phone and the Remix Mini attached to the TV.
No issues on any of the PCs I use though.

Would it even be possible (assuming say full ownership of the device) to fake
the 2FA and still log you in to your account?

------
lobo_tuerto
Could this be related to cleaning/securing up after the cloudbleed accident?

~~~
quiquex
It seems it's not related:
[https://bugs.chromium.org/p/project-zero/issues/detail?id=11...](https://bugs.chromium.org/p/project-zero/issues/detail?id=1139#c25)

------
Flammy
Happened on one browser, of one device this afternoon. Other browser on the
same computer, and other devices, were not impacted...

Like most here I assumed it was just a random, regular occurrence, and didn't
pay much attention.

------
mnw21cam
Woke up to this message on both my phone and the wife's. Problem was, the
correct password did not work in either case, so had to recover using a text
message. This suggests something more serious.

------
throwaway2016a
I don't usually do +1 posts but...

Had this happen to me on my Android. Real pain in the neck since I have 2FA
and I use an offline password manager that I had to re-sync to get the
password over to mobile.

------
kevinmannix
This happened to me. Thought I was either being fired & locked out of my
account, or that I had fallen for a phishing scam. I don't know which one
would be more embarrassing.

------
techaddict009
Happened to me. Signed out of all my devices & browsers!

I thought I was in sleep and had signed out of my mobile. But then same in
mac. Then I thought some issue for sure.. And reports are here...!

~~~
jzawodn
Yeah, same here. I was trying to figure out if _I_ had done something to
trigger it or, worse yet, if I'd been "hacked" (or someone got close and
Google noticed and killed all my sessions).

------
nthcolumn
Me too! Said something in my account 'had changed' when nothing had. I've had
to re-authenticate everywhere. So now they know.

------
reidrac
It happened to me in my phone and Chrome browser on my desktop; but my
password did work (using 2FA). Both use "app passwords".

------
kelnage
Happened to me with a Gmail.com account and 2FA enabled. Checked Google's
security log and everything seemed normal.

------
libeclipse
Happened to me too, only on a work email attached to a custom domain though
and not on any of my Gmail.com ones. Strange.

------
jlebrech
Maybe they are migrating user credentials to SHA-2 and don't want to be too
open about it till it's over.

------
peteretep
I got bounced from iOS gmail app and can't sign back in in that app only.
Logging in works everywhere else

------
Jayakumark
Happened to me as well. I just reached 100% utilization on Google's 19gb;
thought it was due to that.

------
r0muald
Same for me as well. I just assumed my account was being under potential
compromise, changed password, etc.

------
konart
Same here. Both primary @gmail.com and on-domain accounts were logged out (not
at the same time though)

------
sandworm101
Happened to my phone this afternoon. Odd, but thought it was because of my vpn
bouncing my IP around.

~~~
pavanky
Started happening around noon pacific for me.

------
marak830
Ahhy my wife mentioned this happened to her this morning, she thought her
account had been breached.

------
tiku
I guess this has something to do with the new feature of sending money through
Gmail?

------
bitmapbrother
According to Tavis Ormandy this had nothing to do with the Cloudflare data
leak, but I'm not so sure about that. It may not be directly related but could
be indirectly related to what Google did about the Cloudflare issue. It's just
too much of a coincidence.

~~~
brazzledazzle
If there's anything that I've learned over the years it's that you can have
two seemingly related outages that are in fact completely unconnected to each
other.

~~~
tyingq
Doesn't seem improbable that a Google employee somewhere might have chosen to
invalidate a bunch of tokens based on the cloudflare issue. There are 3rd
party sites that accept Google account auth. Also not that big a jump that it
wouldn't have been communicated well. Google doesn't always follow up with
some kind of "what actually happened" postmortem either.

------
edude03
Happened to me as well, I was signed out of every device I use google on.

------
degurechaff
Happened to my phone too. Sudden alert without any explanation.

------
lostmsu
Is there any kind of report or ongoing investigation blog?

------
rocky1138
This happened to me yesterday on my Android phone.

------
agumonkey
Happened on two accounts today.

ps: why the german text ?

~~~
Freestyler_3
I think google tries to get/guess your location and then gives you the
language of that region.

~~~
darklajid
Yes. If there only were a header that could tell the server which languages
the user considers acceptable..

No, geolocation is probably a great idea. /s

------
janwillemb
Seems not to happen on 2fa accounts

~~~
pshc
It happened on mine.

~~~
rdrey
Happened on mine too. In Chrome I had to re-auth with 2FA, in iOS I just had
to pick my gmail account from the account list without even reentering the
password. Very strange.

------
KevanM
This happened to me on Hangouts.

------
oldmancoyote
Same here. Had to log in again.

------
ocdtrekkie
Glad my Gmail account is no longer my primary email. Haven't seen issues with
it on desktop, but my Windows phone is repeatedly spamming a "your Google
account information is out-of-date" message.

Nothing in the Google Account panel for recent security changes though.

------
dandare
> We're investigating, but not to worry: there is no indication that this is
> connected to any phishing or account security threats.

This statement is as ridiculous as it gets.

~~~
gpawl
Why?

~~~
dandare
They admit they do not have enough information to determine the cause, yet
they suggest there is little security risk. They can either not know or not
know, but not both at the same time.

At least that is how I understand the statement.

~~~
DannyBee
"They admit they do not have enough information to determine the cause" No,
they didn't.

It did not say "we have no idea, but it's probably not security related". It
said "we are still investigating, but it's probably not security related".

Those are very different statements. The first, yeah, reasonable complaint.
The second could mean a lot of things. Usually, in these situations, people
want to be able to put numbers on things, etc.

So it could reasonably mean something like "a bunch of machines are falling
over in a datacenter with out of memory, we've determined why, it was an
internal bug, fixed it, but are still gathering data about how much was
affected, etc, before we say more"

Or whatever. IE saying "we are investigating" doesn't necessarily mean they
are investigating the root cause, they could be investigating how long it will
take to fix it, ....

