Massive Flaw Could Have Exposed Every Gmail User’s Address

Massive flaw could have exposed every Gmail user’s address (RT, June 12, 2014):

A gaping security bug in Google’s systems may have been used to unearth millions upon millions of users’ email addresses. The activist claimed it took Google a month to rectify the problem after his report to the company.

Tel Aviv-based security researcher Oren Hafif discovered the bug and has informed Google, which has managed to resolve the problem.

However, before Hafif notified Google, he successfully retrieved some 37,000 addresses from the system.

“I have every reason to believe every Gmail address could have been mined,” Hafif told Wired.

He uploaded a video tutorial to his YouTube account at the beginning of June.

Hafif accessed a page declaring that his access had been denied towards the end of last year. After changing a single character in the website’s URL, the Gmail page said that he’d been denied access to a different address.

He automated character changes using software called DirBuster. “I could have done this potentially endlessly,” said Hafif.

While passwords weren’t provided, the bug may have left accounts wide open to spam, phishing and password hacking attempts.

Google rewarded Hafif with $500 – which some commentators deemed to be very low considering the work he did.

“Being a good person is not very profitable these days 🙂 ,” Hafif posted on Twitter on Thursday.

A Google spokesperson confirmed to Wired that the company had repaired the bug and awarded him some financial compensation. However, Google did not respond to any further requests for comment.

1 thought on “Massive Flaw Could Have Exposed Every Gmail User’s Address”

  1. Flaw, or plan? I don’t trust any of them. This has happened to users of other email addresses as well, but Google used to have a better reputation. Lately, they have shown themselves to be less than trustworthy. I don’t know what to say; I have a gmail account. I will have to search around for a new address.
    Where can one go?
    This is really getting old.
