light bulb

Did You Know?

Posts: 4,814
Topics: 3,041
Kudos: 5,931
Registered: ‎06-12-2013

Token Abuse Exposes Gmail Addresses

by Michael Mimoso


Google has patched a vulnerability that exposes an indefinite number of Gmail addresses, a potential gold mine for phishing and advanced attacks.

Researcher Oren Hafif of Israel disclosed details on how he was able to abuse a token exposed in a URL in order to reveal every Gmail address. His work earned him $500 through Google’s bug bounty program, he said.

“I bruteforced a token in a Gmail URL to extract all of email addresses hosted on Google,” Hafif wrote on his personal blog.


Full Article


This could have been worrying, it was quite a bug to expose every G Mail address.

Sr. Community Leader

Posts: 5,047
Topics: 211
Kudos: 4,816
Ideas: 9
Registered: ‎02-03-2012

Re: Token Abuse Exposes Gmail Addresses

[ Edited ]

Now, that is nasty...and worrying...if you have a gmail account.  Lucky that I don't...phew. :smileyvery-happy:


Webroot SecureAnywhere Complete Beta Tester v8.0.8.53...+ VoodooShield v2.31l Beta....working together as the NEW perfect combination! And backed up by AX Time Machine v2.0