Hackers Could Have Been Abusing This Bug To Get Gmail Addresses For Years
REUTERS/Carlos Barria
Tel Aviv-based security researcher Oren Hafif discovered the bug and helped Google fix the problem. Before he did that, he experimented, setting up a program that uncovered 37,000 Gmail addresses in about 2 hours, he told Wired.
"I have every reason to believe every Gmail address could have been mined," Hafif told Wired. He added that any business using Google to host its emails was also vulnerable.
The bug involved an account-sharing feature that lets users delegate access to their accounts. Discovering email addresses is as simple as changing a few characters in a URL. Hafif uploaded a how-to video to his YouTube channel.
Hafif reported the bug to Google, who fixed it after about a month. The company paid the security researcher $500 under its bug bounty program, which Hafif thought was a little low.
"Being a good person is not very profitable these days," he said with a smiley face on Twitter.
- Fresh photographs of Milky Way’s black hole Sgr A* reveal strong, twisted magnetic field similar to M87*
- 8 Lesser-known places to explore in Himachal Pradesh
- Markets end FY24 on buoyant note amid positive global cues
- SRM Contractors IPO allotment – How to check allotment, GMP, listing date and more
- Rupee falls 6 paise to settle at 83.39 against US dollar