Hacker finds flaw in Gmail allowing anyone to hack any email account
Google offers $20,000 bounties for any security vulnerabilities in its applications. The most recent payout under this program went to Ahmed Mehtab. Mehtab discovered that the Google feature that lets users link multiple email addresses together can expose accounts to hijacking. If a user tries to link an account, but that account is deactivated, the recipient's SMTP server is offline, the recipient email is invalid, or the recipient has blocked the sender, then Google's verification email fails to deliver and is sent back to the sender. The user has now wrongfully been handed the verification code, and the email address can be linked. Google has since paid Mehtab and addressed the issue, but it's interesting to see that such a significant vulnerability slipped past Google.
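The failure described above comes down to a bounce that echoes an undelivered secret to the party who requested it. The sketch below is an added example, not Google's code or Google's actual fix: the addresses, the code value and the headers-only mitigation are assumptions chosen to show the weak bounce beside a hardened one.

```python
from email.message import EmailMessage

CODE = "482913"  # constructed sample verification code


def verification_mail(requester, target, code):
    """Mail sent to the address being linked; knowing the code proves control of it."""
    msg = EmailMessage()
    msg["From"] = requester  # a delivery failure is reported back to this address
    msg["To"] = target
    msg["Subject"] = "Confirm linking this address"
    msg.set_content(f"Confirmation code: {code}\n")
    return msg


def bounce(original, quote_body):
    """Build the non-delivery notice returned to the sender of `original`."""
    ndr = EmailMessage()
    ndr["From"] = "mailer-daemon@mail.example"
    ndr["To"] = str(original["From"])
    ndr["Subject"] = "Delivery failed: " + str(original["Subject"])
    text = f"Could not deliver to {original['To']}.\n"
    if quote_body:
        # Weak: the undelivered body, including the code, goes to the requester.
        text += "\n--- original message ---\n" + original.get_content()
    else:
        # Hardened (assumed mitigation): return the headers only, never the body.
        text += "\n--- original headers ---\n"
        text += "".join(f"{k}: {v}\n" for k, v in original.items())
    ndr.set_content(text)
    return ndr


def requester_learns_code(ndr, code):
    """True if the bounce hands the verification code to the requester."""
    return code in ndr.get_content()


if __name__ == "__main__":
    # Constructed sample: the target mailbox is one that cannot receive mail.
    mail = verification_mail("requester@example.com", "offline@example.org", CODE)
    for quote in (True, False):
        leaked = requester_learns_code(bounce(mail, quote), CODE)
        print(f"quote_body={quote}: code leaked to requester = {leaked}")
```
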
Loi Van Tran says
Thanks for the Post,
The video was interesting to watch as well. The interesting part was that he didn’t need any technical expertise or coding to find that vulnerability. Just by testing his idea he was able to make $20K, which is a good day, no matter how you look at it.