Bug May Have Left Gmail Users' Emails 'Exposed'
By Karla Danica Figuerres | June 15, 2014 9:40 AM EST
A security hole in Gmail has allowed anybody to access the email addresses of every Google user. Recently, a huge error in Google's widely popular and used Gmail service was detected exposing the users' email addresses.
A Google logo is seen at the garage where the company was founded on Google's 15th anniversary in Menlo Park, California September 26, 2013.
Wired reported Oren Hafif, a security researcher, discovered and assisted Google in solving a serious problem that made Gmail users' email addresses exposed to other users with a little patience. The report stressed the bug might have occurred for years before it was resolved as Gmail's delegation feature was introduced in 2010. So it is likely that it was there for years and could have been easily used to get every Gmail user's emails.
The report added the bug would not have showed any passwords or personal data but could have made users defenseless to spams, phishings or password-guessing assaults.
"The exploit involved a lesser-known account-sharing feature of Gmail that allows a user to 'delegate' access to their account," Wired's Andy Greenberg claimed.
Generally, the flaw took advantage of an obscure feature of Google that allows users to delegate access to their account.
In November of last year, Hafif found he could tweak the URL of a Web page that appears when a user is declined that delegated access to another user's account. When he changed one character in that URL, the page showed him that he'd been declined access to a different address.
By automating the character changes with a piece of software called DirBuster, he was able to collect 37,000 Gmail addresses in about two hours.
Using the error, Hafif said he could have secured the email addresses of every user of Gmail worldwide in a short time, in days or weeks. Google has already fixed the bug after Hafif reported it.
The problem if not resolved wouldn't only affect the personal users of Gmail, Hafif added. Hackers could have used it to gather addresses of every business that uses Google to get its email, and worst even Google could be affected if the problem was mishandled.
To contact the editor, e-mail:
Join the Conversation
- 5 Proofs Russia is Geared-Up for Shooting War with U.S. and Can Win Future Nuclear Showdown
- Target’s ‘Surprise Doorbusters’ Black Friday 2014 Deals On TV Sets, Entertainment Centres, DVD Players And More
- IKEA Black Friday 2014 Ad Includes Discounts On Home Furnishings, Appliances, Kitchen Designs, Beds, Sofas, Mattresses And Toys
- T-Mobile’s Black Friday 2014 Deals On Apple iPhone 6, Samsung Galaxy Note 4/Edge, Nexus 6, HTC One M8, LG G3, iPad Air 2 And Mini 3
- ISIS Drug Transit From Afghanistan To Europe Confirmed By Russia: Money Goes Into Terror Funding And In New Recruitments
- Bill Clinton At It Again, Caught By Camera In Jerusalem Peeking At Woman’s Breast
- Walmart Canada Black Friday 2014 Ad For Nov. 28, 2014 Up To Dec. 1, 2014 Includes Savings On The iPad Mini 16GB And The Beats Solo HD Drenched Headphones