Google Inc. (GOOG), owner of the world's most popular search engine, said hackers obtained access to hundreds of Gmail accounts, possibly including those of U.S. government officials, Chinese political activists and journalists.

"Through the strength of our cloud-based security and abuse detection systems, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists," Eric Grosse, engineering director on the Google Security Team, said in a blog post June 1.

The scam uses "spear phishing" where specific e-mail users are tricked into sharing their login names and passwords to a web page that resembles Google's Gmail web service. Having obtained the user's credentials, the hackers then tell Gmail's service to forward incoming e-mail to another account set up by the hacker.

Google's email service allows users to forward messages automatically and grant others access to their accounts.
"The goal of this effort seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change peoples' forwarding and delegation settings," Grosse said.

Google stated it has disrupted this campaign to take users' passwords and monitor their emails, notified victims and secured their accounts, and notified relevant government authorities.

The search giant added its internal systems have not been affected as these account hijackings were not the result of a security problem with Gmail itself. "We believe that being open about these security issues helps users better protect their information online," Grosse said in the blog.

The campaign against Gmail users comes amid recent cyber attacks against Sony Corp., which lost credit card information of it PlayStation Network users to hackers, and defense contractor Lockheed Martin Corp.

Google's internal systems weren't affected, and the attempts didn't involve a security problem with Gmail, Grosse said. While most of these kinds of attacks aren't very targeted, these "hijackings" went after senior U.S. government officials, Chinese political activists, officials in several Asian countries, military personnel and journalists.

Grosse said here are some ways to improve your security when using Google products:

* Enable 2-step verification. This Gmail feature uses a phone and second password on sign-in, and it protected some accounts from this attack. So check out this video on setting up 2-step verification.

* Use a strong password for Google that you do not use on any other site.

* Enter your password only into a proper sign-in prompt on a https://www.google.com domain. Gmail never asks users to email their passwords or enter it into a form that appears within an email message.

* Check your Gmail settings for suspicious forwarding addresses ("Forwarding and POP/IMAP" tab) or delegated accounts ("Accounts" tab).

* Watch for the red warnings about suspicious account activity that may appear on top of your Gmail inbox.

* Review the security features offered by the Chrome browser. If you don't already use Chrome, consider switching your browser to Chrome.

* Explore other security recommendations and a video with tips on how to stay safe across the web.

Google's shares have declined 12 percent this year.