The Reason Gmail Users Got Spam - From Themselves

You interweb users are so entitled. This technology stuff is complicated, ya know.  JL


Jack Morse reports in Mashable:

Account holders discoverd spam emails sitting in their sent folders, and even after changing passwords the emails kept going out. Some of these people had two-factor authentication. A Google spokesperson admitted the issue relates to a "spam campaign impacting a small subset of Gmail users." Google employee Seth Vargo tweeted in reply to one such complaint that the company's "engineering teams are aware of this and are working on a resolution :)"
Something is not right in the land of Gmail.

Numerous account holders woke up Sunday morning to discover a raft of spam emails sitting in their sent folders, and that even after changing their passwords the emails kept going out. At least some of these people, including a Mashable editor, had two-factor authentication enabled on their accounts.

"My email account has sent out 3 spam emails in the past hour to a list of about 10 addresses that I don’t recongnize," read an April 21 post to a Google Help Forum. "I changed my password immediately after the first one, but then it happened again 2 more times."
As to the email going out? It's vey much the definition of spam.
"The subject of the emails is weight loss and growth supplements for men advertisements," read the same Google Help Forum post. "I have reported them as spam. Please help, what else can I do to ensure my account isn’t compromised??"
Many people replied to the post saying the same thing was happening to them.

One of the spam emails.

Image: mashable

"[My] account is totaly secure with 2 factor authetication and the sent by telus.com messages are still being sent," read one such reply. "[Fix] your shit google."
So what's going on here? A Google spokesperson admitted that the issue relates to a "spam campaign impacting a small subset of Gmail users" in a statement given to Mashable. You can read the full statement right here:

We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident. If you happen to notice a suspicious email, we encourage you to report it as spam. More information on how to report spam can be found by visiting our Help Center.

Prior to our receipt of the statement, Google employee Seth Vargo tweeted in reply to one such complaint that the company's "engineering teams are aware of this and are working on a resolution :)"
One thing the sent spam emails seem to have in common, other than the fact that they're all garbage, is that many appear to be sent "via telus.com." TELUS is a Canadian telecommunications company, and it's not clear what role it plays in this mess.