- Google found some suspicious activity in the Gmail account that's associated with the Blogger account, which is Judy's (she rarely uses it). Google promptly shut the account down, which is a good thing.
- When Judy logged in to Blogger to publish some comments, the system informed her that she had no access. A quick Google (yes, always) search informed her of the Gmail security issue.
- She logged into her Gmail account, verified her identity by receiving an activation code via text message, and Google quickly restored access to all associated services (Picasa, Google profile, etc.) That is: everything but the blog.
- While we had backup files, that didn't do us any good, as Google was not giving anyone access to the blog -- neither to the owner nor to readers.
- After Thomas communicated with the Google folks via the online forums and asked them to restore access to the blog, it was done within a day -- sometimes it just takes a while for all the information to be re-linked to your account.
Here's what we learned:
- Add a second user to the blog. We've now added Thomas as an administrator to our blog. If the Gmail account gets hacked again, Thomas will have access and the blog won't be owner-less in cyberspace.
- This all happened because Judy's Gmail password was weak. Bad Judy: she uses the highly sophisticated password database Keepass (we wrote about it here), but her old Gmail password was too easy to guess. Easy lesson: use difficult passwords with special characters and numbers. Keepass automatically generates complex passwords.
We are generally very happy with Blogger, but also use Wordpress for other blogs and websites. For now, the issue was user mistake (weak password) combined with a smart hacker with a smartphone in Brasil (who sent out some drug-related e-mails on Judy's behalf). We are incredibly grateful it's been resolved. We wanted to share what we learned so it doesn't happen to you.