Token Abuse Exposes Gmail Addresses

  • 11 June 2014

by Michael Mimoso
 
Google has patched a vulnerability that exposes an indefinite number of Gmail addresses, a potential gold mine for phishing and advanced attacks.
Researcher Oren Hafif of Israel disclosed details on how he was able to abuse a token exposed in a URL in order to reveal every Gmail address. His work earned him $500 through Google’s bug bounty program, he said.
“I bruteforced a token in a Gmail URL to extract all of email addresses hosted on Google,” Hafif wrote on his personal blog.
 
Full Article
 
This could have been worrying; it was quite a bug to expose every Gmail address.
 

1 reply

Now, that is nasty...and worrying...if you have a Gmail account. Lucky that I don't...phew. :D
