cancel
Showing results for 
Search instead for 
Did you mean: 

Token Abuse Exposes Gmail Addresses

Highlighted
Sr. Community Expert Advisor

Token Abuse Exposes Gmail Addresses

by Michael Mimoso

 

Google has patched a vulnerability that exposes an indefinite number of Gmail addresses, a potential gold mine for phishing and advanced attacks.

Researcher Oren Hafif of Israel disclosed details on how he was able to abuse a token exposed in a URL in order to reveal every Gmail address. His work earned him $500 through Google’s bug bounty program, he said.

“I bruteforced a token in a Gmail URL to extract all of email addresses hosted on Google,” Hafif wrote on his personal blog.

 

Full Article

 

This could have been worrying, it was quite a bug to expose every G Mail address.


Sr. Community Expert Advisor


 


2016-07-18_12-11-32.png Microsoft® Windows Insider MVP - Windows Security

1 REPLY
Gold VIP

Re: Token Abuse Exposes Gmail Addresses

Now, that is nasty...and worrying...if you have a gmail account.  Lucky that I don't...phew. Smiley Very Happy

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v9.0.18.44, imaged by Macrium Reflect v7.1