Hacker finds flaw in Gmail allowing anyone to hack any email account
Google offers $20,000 bounties for any security vulnerabilities in its applications. The most recent payout from this program went to Ahmed Mehtab. Mehtab discovered that Google's feature that allows users to link multiple email addresses together can expose the accounts to hijacking. If a user tries to link an account, but that account is deactivated, the recipient's SMTP server is offline, the recipient email is invalid, or the recipient has blocked the sender, then Google's verification email will fail to deliver and be returned to the sender. The user has now wrongfully been granted a verification code, and the email can be linked. Google has since paid Mehtab and addressed the issue, but it's interesting to see that such a significant vulnerability slipped past Google.
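As an added illustration (not Google's fix, which the article does not describe, and not code from the original report), here is one defensive way a service could process such a bounce: revoke the pending code for the failed recipient and never relay the returned message body to the requester. The function name `handle_bounce`, the `pending` store and all addresses and codes are assumptions constructed for the example.

```python
import email
from email import policy

# Constructed sample bounce (DSN) for an undeliverable verification mail.
SAMPLE_DSN = """\
From: mailer-daemon@mail.example
To: requester@example.org
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to the following recipient failed permanently.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example

Final-Recipient: rfc822; target@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: requester@example.org
To: target@example.net
Subject: Confirm address link

Confirmation code: 123456789

--b1--
"""

def handle_bounce(raw, pending):
    """Revoke pending link codes for bounced recipients; never relay the bounce body."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type(), msg.get_param("report-type")) != ("multipart/report", "delivery-status"):
        return [], None
    revoked = []
    for part in msg.walk():  # DSN header blocks are parsed as nested parts
        final = part.get("Final-Recipient")
        if final and str(part.get("Action", "")).strip().lower() == "failed":
            addr = str(final).split(";", 1)[-1].strip().lower()
            if pending.pop(addr, None) is not None:  # hypothetical store: address -> code
                revoked.append(addr)
    notice = f"Could not deliver verification mail to {', '.join(revoked)}" if revoked else None
    return revoked, notice
```

The returned notice names only the failed address, so the code embedded in the bounced original never reaches the account that requested the link.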