A MAJOR GOOGLE security hole that allows a person’s email address to be accessed has been uncovered, according to TechCrunch.

The breach allowed the emails address of “anyone already signed into Google” to be accessed, according to the report.

The man who uncovered the security issue was using the site http://guntada.blogspot.com (which has now been taken down) to ‘harvest’ the emails of people signed into a Google account. The man, identifed as Vahe G, told TechCrunch that he tried to contact Google but they would not respond to his emails.

Google says the issue is now resolved:

We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account. We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to security@google.com.

Making a difference

A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

For the price of one cup of coffee each week you can make sure we can keep reliable, meaningful news open to everyone regardless of their ability to pay.

Support us Learn More