Gmail was hackable–Now patched.

 

Apparently, Gmail had a large security flaw which could have led to mining huge numbers of users' email addresses.

“Oren Hafif, a security penetration expert, discovered last year that he could manipulate the little-used account-sharing feature in Gmail to edit the 'Rejection Confirmed' webpage. After changing one character in the URL of the page that appears when you reject access to a shared account, Hafif found he could make the page tell him that he had been declined access to another email address…By using DirBuster, a brute-force hacking program, he automated the character-changing process and saved 37,000 Gmail addresses to a text file in around two hours. From this, he could extract the individual email addresses.” – Neowin

Of course, the email addresses alone would give nothing; however, they could be sold to spammers and phishers for a nice profit.

Anyway, Google has patched the flaw, but you have to wonder how many more there are.

Source:

http://www.neowin.net/news/gmail-had-a-simple-flaw-that-allowed-anyone-to-obtain-every-email-address

Reply #1

Always something to mess with. Thanks Seth.

Reply #3

I don't store email addresses on my PC, keep them on paper and type them in...  then delete emails from sent folder. Am I paranoid?

Reply #4

Elana, the email addy they'd get would be yours (if you have a gmail acc't.), not anyone else's.

They'd then send you malware/phishing email...and via that get whatever you have in the acc't. or on your computer.

They'd presumably see 'sent' email, so they'd get those addresses also.