By Euro Weekly News Media • Published: 12 Jun 2014 • 14:00
A Tel Aviv, Israel based security researcher has raised the alarm regarding Gmail, exposing flaws in Google’s Gmail service. He has discovered that Gmail has a sharing feature that allows a user to ‘delegate’ access to their account, by tweaking the web address it was possible to reveal a random user’s email address, and with the help of software called Dirbuster, the researchers were able to collect 37,000 Gmail addresses in under two hours.
“I could have done this potentially endlessly,” says Hafif, an Israel-based penetration tester for internet security firm Trustwave. “I have every reason to believe every Gmail address could have been mined.”
Researchers speculate that the flaw would leave users vulnerable to spam, phishing or password-guessing attacks. However, Mr Hafif believes that it wouldn’t have just affected personal user’s Gmail, as major businesses and even Google itself uses Gmail to manage their trade.
When asked about if the flaw had ever been used, Hafif skeptically said “We’ll never know.”
“Think about how much money a spammer or a country, are ready to pay for a list of all Google accounts?” he added.
A Google spokesman confirms that the email stealing bug has been patched and reaffirmed that the trick would not have exposed passwords.
Mr Hafif was paid $500(€370) by Google for this discovery.
Share this story
Subscribe to our Euro Weekly News alerts to get the latest stories into your inbox!
By signing up, you will create a Euro Weekly News account if you don't already have one. Review our Privacy Policy for more information about our privacy practices.
Share your story with us by emailing newsdesk@euroweeklynews.com, by calling +34 951 38 61 61 or by messaging our Facebook page www.facebook.com/EuroWeeklyNews
By signing up, you will create a Euro Weekly News account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices.
Download our media pack in either English or Spanish.