Just a week after I wrote “Uh Oh, Gmail Just Got Perfect” a number of users started complaining that all of their Gmail emails and contacts were auto deleted.
The first message, posted on the Google Groups forum on December 19, stated “Found my account clean..nothing in Inbox, contacts ,sent mail..How can all these information residing in different folders disappear? ..How to write to gmail help team to restore the account..is it possible?..Where to report this abuse?.Any help ..Welcome..Thanks in advance ps101″
Other Gmail users then added to the conversation, saying that their emails had been deleted as well. Most of the users reported using Firefox 2.0 and that Gmail was open in their browser when the deletions occured.
The cause of the problem isn’t clear. One user wrote that after the deletion they received the following message: “This is not a mistake. All your emails and contacts have been deleted on purpose. This was a malicious attack and not an error. Have a nice day. =)” One user pointed to a known security issue with Firefox 2.0, which was fixed in 2.0.0.1.
On December 22, four days after the initial incident was reported, a Google representative posted this message on the thread:
Thank you all for reporting this issue. We apologize for the scare and
inconvenience that it’s causing. We’re actively investigating as we
speak, and we’ll follow up individually with users in this thread as we
get to the bottom of the problem.We appreciate your patience and understanding.
Google’s official policy is that once emails are deleted, they are gone forever. And based on the Google Groups thread, no one has been able to have their Gmail accounts restored to pre-deletion status.
Update: A representative from Google just sent the following email:
Hi there TechCrunch folks,
We saw your post today about Gmail and wanted to let you know what was going on.
Regretfully, a small number of our users — around 60 — lost some or all of their email received prior to December 18th. Once we found out about this issue, we worked day and night to confirm that only a few accounts were affected and to do whatever we could to restore as much of the users’ accounts as we could. We’ve also reached out to the people who were affected to apologize and to work with them to restore the email from any personal backup they might have.
We know how important Gmail is to our users – we use it ourselves for our corporate email. We have extensive safeguards in place to protect email stored with Gmail and we are confident that this is a small and isolated incident.
Thanks,
Courtney
See all
Post
That sucks. All my porn mail is gone.
Funny reading all those posts from distraught people who lost all their important messages which they stored on some remote site over which they had no control, information so vital they couldn’t be bothered to keep copies of any of it locally. And me without my tiny invisible violin. Shucks.
Oh, and if it’s not ALL CAPS, it’s not screaming.
This is the best reason I’ve heard in a long time to upgrade your browser. Scary.
We might say “google should keep backups.” But then again, for a lot of things, we probably don’t want google to keep backups. The gubment can read backups, afterall. Data security vs. privacy is an intrinsic trade-off that people don’t seem to think of much yet.
One word: Beta
Back are the days where the company’s mission didn’t include storing people’s private and valuable information. Guess you can’t have it both ways. Someone at Redmond may be throwing chairs out of joy.
Wish it would’ve happened to me, I just can’t take the time to clean it out myself…a fresh start would be nice.
Thats crazy…bad news for google…what happened to users keeping backups on a disk!
GMail should allow users to back up all their data themselves.
It should simply allow each user to download a .ZIP archive containing all the user’s e-mails and contacts.
You may say this can be accomplished using POP3. This is not true - using GMail’s POP3, one can only access the last 30 MB or so of e-mail, even if he never picked up e-mail unsing POP3.
So, the POP3 of GMail has some limits.
Other great things GMail could do:
- Allow me to receive .EXE and .RAR files. I really need this because my co-workers are developers and often send me .EXE files to test (and guess what - I have never confused a worm with a legitimate .EXE file, because I am careful and can make the difference)
- Allow me to turn off the spam filter or configure it.
- Allow me to backup my data by downloading a .ZIP file
- Send me a backup DVD with my data every month by postal mail
In fact, why not implement all of the above, call it GMail Pro and sell it to me for $50 a year?
I would pay for this immediately.
Yikes. I do use Gmail as my primary email account, but have POP set up on my desktop, and all my old emails are there.
I shudder at the thought of all emails being deleted … I suggest anyone paranoid to set up a desktop client to suck all those emails down, even just once, so you have a backup.
Google’s official policy is that once emails are deleted, they are gone forever
Their policy doesn’t state that, it is:
Unfortunately, we’re unable to recover messages or Contact entries that have been deleted from your account.
The “we” in there might refer to Joe Schmo running gmail support that doesn’t have access to it. This policy is very vague, but it does not state that emails are “gone forever”
Way to keep backups, Google.
I’d sort of assumed that the “you delete it, it’s gone forever” rule was about them not caring enough or having the manpower to restore your emails, not that it was physically impossible.
Seriously, they have to have backups somewhere, or they are being incredibly lax about their business.
I just put this into my “WTF Dept” postings… in addition read the terms:
Indemnification. You agree to hold harmless and indemnify Google, and its subsidiaries, affiliates, officers, agents, and employees from and against any third party claim arising from or in any way related to your use of the Service, including any liability or expense arising from all claims, losses, damages (actual and consequential), suits, judgments, litigation costs and attorneys’ fees, of every kind and nature. In such a case, Google will provide you with written notice of such claim, suit or action.
Even with incidents such as this, I’d say GMAIL probably provides better reliability than most other paid services.
Incidents such as this can’t be good for Google’s PR and thus while they might not be paranoid about protecting your INDIVIDUAL account, they HAVE TO care enough to prevent stuff such as this. Being free doesn’t at all give them a reason to slack off (neither do I believe they do–gmail must be bringing ‘em good revenue).
-Zaid
re: #10
It says they’re unable to recover messages that have been deleted. How much more clearly do you need them to say that the emails are gone forever?
It is a still a beta in the end, gmail has been a great secondary mail account for me. Given the price Google is asking, there’s not much room for complaint… does suck for anyone that may have used it as a primary and lost important data though.
This is one of the dangers of the “Software as a Service” revolution that is being eagerly adopted now. It reminds one to be careful where you put your mission critical data! I agree that these types of services should allow end-user initiated backups/zip’d downloads.
@8 - easy way to send *.exe or *.rar is to just rename file and add +remove
i.e. windows.exe+remove or windows.rar+remove
you can send them then
Probably someone had access to the password and deleted all the messages. Your title is too sensationalistic.
That’s some scary crap right there. (setting up desktop client immediately)
It’s not that hard to back up your Gmail. I foward selected/important email to my PocoMail on a regular basis and save it .
Easy as falling off a log.
Hmmm. Take a look at this:
http://arstechnica.com/news.ar.....-6406.html
A judge ordered Google to produce emails that had been “deleted for ever.” Their terms of service (at the time) stated they could keep backups of such mail at their discretion.
If it’s all related to Firefox 2.0, the most probable culprit would be this bug: http://www.mozilla.org/securit.....06-72.html
The user would have to have received an HTML mail with embedded images, probably from an unknown party, and also voluntarily clicked the “Display images” link. If that is the case, it’s not GMail’s fault.
Surprised to hear that Firefox has the trouble; But I still wonder how that flaw is related to deletion of gmail mails? I don’t see a possibility of their gmail account being hijacked in this case.
I admit that this one really flipped me out, but instead of running around looking for a sandwich board, I just made a backup for myself, and realized that I’m responsible for my data, no mater where it is.
I wrote up how I did this (which I imagine there are variations), for friends and relatives.
I always register on the websites that techcrunch finds interesting. Suppose, for instance, that a malicious employee on some malicious website decided to ‘test’ whether users with gmail addresses gave them the same email password on the site. Most likely, that’s what you should have.
Expect this again in the future. It’s human nature, sad to say… –A.
Apparently, the bug allows you to specify a javascript: URI as your src attribute. If XSS checking is broken there, you can do all sorts of crazy stuff if you can fool the recipient into displaying your image within an HTML mail.
As a test of password security for my security clients, I once looked at one of my databases for all account owners that used yahoo.com for their email address and used their password (stored in my database) to hack into their yahoo account.
4 out of 5 times the user used the same password.
In theory, someone could have hacked into 100+ Gmail accounts and deleted everything *just* to give Google bad PR.
The commenting system ate my html tags.
To clarify comment #26: Apparently, the bug allows you to specify a _cross-site_ javascript: URI in your _IMG_ src attribute.
@jessup
a flaw with your database is that you could view and or decode the user’s password (unless that was the purpose of the ‘test’). if not, why weren’t the passwords in your database hashed with an asymmetrical key?
on the subject of remote services. there will probably come a time when everyone will own a CPU in a data-center which hosts all of your personal web-centric applications and data. Backups will be automated… -stan
Does anyone know of a quick way to back up a gmail account?
I have been using Gmail for a long time, so far I never had problems with Gmail. I can say I haven’t lost one e-mail in Gmail for the past 3 years. This is just a few users out of millions, it is better than Outlook and Hotmail combination. I access Gmail with Outlook, so I have them saved in both. I lose more e-mails with Outlook with their constant installing and uninstalling of software. I see none of the users here had problems with their mails deleted in Gmail, so I don’t see what the big deal is. Gosh I can’t even access hotmail in Outlook 2007 it says has problems with the server every time, so I delete hotmail accounts and read it in the browser instead. Even if it is a problem with Gmail, I am sure they will fix it right away. Just relax and enjoy the New Year.
Deleted emails? From a free, beta email program? We are surprised…how? Hey! you get what you pay for.
it’d be nice if gmail had a method to download compressed backup of the email.
I think the Beta issue is a lot of BS. Since 1998 everything is in Beta all the time. My real worry from this is that it confirms what some people have always said about ASPs and about using network-based services for critical functions. Has Salesforce ever lost client data? If the alternative to hosted systems is the Exchange Server we are running in my office - that goes down or has some kind of problem every couple days — then someone bring me a gun.
@Gmail Fan
You can download ALL of your gmail using POP. Just make sure to have it configured correctly within gmail.
http://mail.google.com/support.....topic=1557
pEace
This is a hard kick in Google’s groin and all those people who thought that Google would bring the next-generation Google OS for purely web-based computing.
This is always a risk when all the e-mails are on servers. Use POP and download them all as pointed by Gabriel. But not many people are aware of this or do not take pain to configure POP tools. Google should themselves come up with a desktop program that does all the tricks. I don’t blame google for this. 60 accounts out of millions?? Wait, what is the percentage of error?
This is really unacceptable. A data recovery model - with a fee if needed - should be a required feature of a personal data service hosted on the web.
As for “perfect” per the post a week ago, there are so many things Gmail is missing that it’s not even close to being perfect (see my post on CrunchBack.com for a starting list). I do enjoy Gmail, but I’m not as easy to please as you, Michael.
We all know that Gmail is not yet become public and its is under TEST and there can be some mistakes that can happen, but the deleting of the mails is too much and something wried… So i personalize mi important mails….
You should never lose your email, have your gmail forward to a windows live mail account which sorts it into a gmail folder, instant backups….
Someone’s already pointed out that POP3 isn’t a perfect solution to this. However, now that Gmail offers POP3 retrieval, you could theoretically create a backup account that constantly retrieved mail from the other account. Although I don’t know if Google’s POP3 retriever would be able to be configured to retrieve Gmail via POP3.
While it is never good to be in a position of having lost data, I think it is also comforting to know that even the best company can make a mistake.
Well, look we have here. A google problem with mass deletions of gmail contacts and email through Firefox bugs, and what happens? Apologists come out of the woodwork.
Some guy actually says “Just relax and enjoy the holiday”. WTF?
Imagine this were a problem with Hotmail instead of gmail, or with IE7 instead of Firefox - what would these comments be like?
Stopping giving Google the free pass. Be objective. This is a major fucking problem.
Jessup (#27) — DID YOU ORDER THE CODE RED??!!
Huh. I know I have two gigs of storage, but it only fills as far as it does out of laziness. I routinely purge my email about once a year. There’s rarely any valuable conversations I really care to go back to… so why keep it around? ‘Sides, something like 2/3rds of my email is just LiveJournal telling me that someone has posted a reply to my account. That’s half of what I use my bloody email for anyway. Wouldn’t have chapped me, much.
Somehting is seriously broken if even just a few gmail accounts lose data. It’s only a matter of time before this weakness is exploited if the problem is trivialized.
I hate to think how many people working in gov, military, finance etc use it as a convenient means to send/save data back and forth..
Anyway, Eudora is the way to go imo..zero latency.
Bugger….Not a good end to 2006 for Google. I thought GMail could do no wrong. Guess I was wrong.
First when Google comes out people are shouting invasion of privacy for keeping emails forever. Now this incident and people are complaining they don’t back up?!
idiots. back. it. up. yourself.
you are so right
This problem existed since early September 2006 as far as I know. How do I know that? Well, I am a victim of this email bug. I contacted google via email several times regarding this matter and they consistently replied that they checked everything and the only place where the fault occurred is on the user side. after several letters I just said: “Whatever”. Well, guess what? a week later, same thing happened to me again - I lost all of my emails!!! Sent them emails again and again received the same reply, which read that it was something I was doing. I think they knew of this problem long time but could not do anything about it so they waited until firefox updates.
So what is the solution I have now? I have a 2nd gmail account for backup purposes.
FIREFOX VIRUS, NOT GMAIL FAULT, damn idiots. Gmail is damn good for email, people not using a reputable AV, firewall, anti-malware, updated system are at fault due to a virus!