[UPDATED] Google disables Baltimore officials' Gmail accounts created during ransomware recovery

[UPDATE 5/23/19. 2:44pm PT: a Google spokesperson contacted me with the following statement: "We have restored access to the Gmail accounts for the Baltimore city officials. Our automated security systems disabled the accounts due to the bulk creation of multiple consumer Gmail accounts from the same network." An anonymous source told me that the accounts were disabled when Google detected bulk account creation, which is "highly correlated to spammy and fraudulent behavior."]

"Gmail accounts created by Baltimore officials as a workaround while the city recovers from the ransomware attack have been disabled because Google considers them business accounts that should be paid for," reports Ian Duncan of The Baltimore Sun. As my IFTF colleague Dylan Hendricks pointed out on Twitter, this is an "amazing signal about the massive security vulnerabilities of technology-based bureaucracies."

From The Baltimore Sun:

Mona Rock, a spokeswoman for the Health Department, said she logged in Thursday morning and can see old messages but not send or receive old or new ones. She said there was no notice showing why the account wasn’t working.

The ransomware struck on May 7, locking up city records and shutting down baltimorecity.gov email addresses. The hackers behind the attack demanded payment in the digital currency bitcoin to turn over the keys to the files.

The mayor’s office has said it could take months to recover. In the meantime, many officials have been using Gmail accounts along to communicate.

Read the rest