Hackers Could Have Been Abusing This Bug To Get Gmail Addresses For Years
Tel Aviv-based security researcher Oren Hafif discovered the bug and helped Google fix the problem. Before he did that, he experimented, setting up a program that uncovered 37,000 Gmail addresses in about 2 hours, he told Wired. "I have every reason to believe every Gmail address could have been mined," Hafif told Wired. He added that any business using Google to host its emails was also vulnerable.
The bug involved an account-sharing feature that lets users delegate access to their accounts. Discovering email addresses was as simple as changing a few characters in a URL. Hafif uploaded a how-to video to his YouTube channel. Hafif reported the bug to Google, which fixed it after about a month. The company paid the security researcher $500 under its bug bounty program, which Hafif thought was a little low.
"Being a good person is not very profitable these days," he said with a smiley face on Twitter.