After this, Google is asking its users in Iran to change their passwords and recheck their account recovery options. A false SSL certificate was used in the wild to trick people into thinking they were visiting a legitimate Google site when they actually were not.
Eric Grosse, Google's vice president of security engineering, wrote in a blog post, "We learned last week that the compromise of a Dutch company involved with verifying the authenticity of websites could have put the Internet communications of many Iranians at risk, including their Gmail."
Eric said that they were contacting possibly affected users directly. He also claimed that users of the Google Chrome web browser were unaffected by the attack.
The blog post advises all users in Iran to take some steps to secure their accounts:
• Change your password. You may have already been asked to change your password when you signed in to your Google Account.
• Verify your account recovery options. Secondary email addresses, phone numbers, and other information can help you regain access to your account if you lose your password.
• Check the websites and applications that are allowed to access your account.
• Check your Gmail settings for suspicious forwarding addresses.
• Pay careful attention to warnings that appear in your web browser and don't click past them.
The risk of fake SSL security certificates also extends to some spy agencies, such as the CIA, MI6, and Mossad. Such certificates can potentially provide hackers with access to users' login information.
Google Online Security Blog