Google is advising all its users in Iran to change their Gmail passwords and check that their Google accounts have not been compromised. In a blog post, Google said that it was directly contacting users in Iran who may have been hit by a man-in-the-middle attack.
The move follows the compromise of Dutch SSL certificate authority DigiNotar. Hackers created fake SSL certificate credentials for Google.com and many other domains. These fake Google credentials were used to run man-in-the-middle attacks against Gmail users in Iran, according to an examination of authentication look-up logs at DigiNotar and other evidence.
Specifically, Google recommends that users in Iran change their passwords; verify their account recovery options; check the Web sites and applications that are allowed to access their Google account; check Gmail settings for suspicious forwarding addresses or delegated accounts; and pay attention to warnings that appear in the Web browser and don't click past them.