Bug May Have Left Gmail Users' Emails 'Exposed'
By Karla Danica Figuerres | June 15, 2014 9:40 AM EST
A security hole in Gmail allowed anybody to access the email addresses of every Google user. The flaw, recently detected in Google's widely used Gmail service, exposed users' email addresses.
Wired reported that Oren Hafif, a security researcher, discovered and helped Google fix a serious problem that exposed Gmail users' email addresses to any other user with a little patience. The report stressed that the bug may have existed for years before it was resolved, as Gmail's delegation feature was introduced in 2010. It is therefore likely that the flaw was present for years and could easily have been used to collect every Gmail user's email address.
The report added that the bug would not have revealed any passwords or personal data, but could have left users vulnerable to spam, phishing or password-guessing attacks.
"The exploit involved a lesser-known account-sharing feature of Gmail that allows a user to 'delegate' access to their account," Wired's Andy Greenberg claimed.
Generally, the flaw took advantage of an obscure feature of Google that allows users to delegate access to their account.
In November of last year, Hafif found he could tweak the URL of a Web page that appears when a user is declined delegated access to another user's account. When he changed one character in that URL, the page showed him that he'd been declined access to a different address.
By automating the character changes with a piece of software called DirBuster, he was able to collect 37,000 Gmail addresses in about two hours.
Using the flaw, Hafif said he could have obtained the email addresses of every Gmail user worldwide in a short time, in days or weeks. Google fixed the bug after Hafif reported it.
Left unresolved, the problem would not have affected only personal Gmail users, Hafif added. Hackers could have used it to gather the addresses of every business that uses Google for its email, and, worse, even Google itself could have been affected if the problem had been mishandled.