Hackers Could Have Been Abusing This Bug To Get Gmail Addresses For Years
Tel Aviv-based security researcher Oren Hafif discovered the bug and helped Google fix the problem. Before he did that, he experimented, setting up a program that uncovered 37,000 Gmail addresses in about 2 hours, he told Wired.
"I have every reason to believe every Gmail address could have been mined," Hafif told Wired. He added that any business using Google to host its emails was also vulnerable.
The bug involved an account-sharing feature that lets users delegate access to their accounts. Discovering email addresses was as simple as changing a few characters in a URL. Hafif uploaded a how-to video to his YouTube channel.
Hafif reported the bug to Google, which fixed it after about a month. The company paid the security researcher $500 under its bug bounty program, which Hafif thought was a little low.
"Being a good person is not very profitable these days," he said with a smiley face on Twitter.