This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
OK
Dublin: 5 °C Wednesday 8 April, 2020
Advertisement

Google’s major security hole

The breach allowed the email address of any person signed into a Google account to be accessed.

A MAJOR GOOGLE security hole that allows a person’s email address to be accessed has been uncovered, according to TechCrunch.

The breach allowed the emails address of “anyone already signed into Google” to be accessed, according to the report.

The man who uncovered the security issue was using the site http://guntada.blogspot.com (which has now been taken down) to ‘harvest’ the emails of people signed into a Google account. The man, identifed as Vahe G, told TechCrunch that he tried to contact Google but they would not respond to his emails.

Google says the issue is now resolved:

We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account. We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to security@google.com.

  • Share on Facebook
  • Email this article
  •  

About the author:

Read next:

COMMENTS