
Massive flaw could have exposed every Gmail user’s address

Published time: June 12, 2014 14:56
Screenshot from mail.google.com


A gaping security bug in Google’s systems may have been used to unearth millions upon millions of users’ email addresses. The activist claimed it took Google a month to rectify the problem after his report to the company.

Tel Aviv-based security researcher Oren Hafif discovered the bug and has informed Google, which has managed to resolve the problem.

However, before Hafif notified Google, he successfully retrieved some 37,000 addresses from the system.

“I have every reason to believe every Gmail address could have been mined,” Hafif told Wired.

He uploaded a video tutorial to his YouTube account at the beginning of June.


Towards the end of last year, Hafif accessed a page declaring that his access had been denied. After he changed a single character in the website’s URL, the Gmail page said that he’d been denied access to a different address.

He automated character changes using software called DirBuster. “I could have done this potentially endlessly,” said Hafif.

While passwords weren’t provided, the bug may have left accounts wide open to spam, phishing and password hacking attempts.

Google rewarded Hafif with $500 – which some commentators deemed to be very low considering the work he did.

“Being a good person is not very profitable these days :) ,” Hafif posted on Twitter on Thursday.

A Google spokesperson confirmed to Wired that the company had repaired the bug and awarded him some financial compensation. However, Google did not respond to any further requests for comment.

Comments (9)

 

Mike L. 13.06.2014 07:33

500$ is fair. All he did was fuzzing addresses, he could have worked 10 hours on that one and still get a decent pay per hour.
People are just greedy nowadays...

 

Terry Jobity 13.06.2014 07:07

Tel Aviv based, to me rates a huge question mark with the accompanying alarm bells ringing. Something good coming out of Israel, nah, I don't believe that's the whole story, Israelis too devious by nature I choose not to believe in the first instance.

 

Alan 13.06.2014 05:45

Lapontius 12.06.2014 22:38

Google = NSA tools. Can't wait till Google monopolizes ISP market and takes over utilities control in your house. This company is worse than the Skynet from Terminator.

  


Exactly ..... An old girlfriend of mine used to say: "The bigger they are, the harder they fall". I hope she's right!
