Google Flaw Allowed Easy ‘E-mail Harvesting’

An issue with Google Apps over the weekend sent the company scrambling
to fix a hole in its Script API. The problem allowed a specific domain to
harvest the e-mail addresses of anyone who visited the site while logged into
their Google account, according to a report on InfoSecurity.

After visiting guntada.blogspot.com, users immediately received
an e-mail with the subject line, “Kinda Important Message…” The spam-like
e-mail went on to supply a link that brought users back to the site.

According to TechCrunch, the site in question appears to have been started by a 21-year-old
Armenian under the handle “Vahe G.”

In a statement, Google announced it had disabled the site
hosted on its Blogspot platform and repaired the hole in its API responsible
for the vulnerability.

This isn’t the first time Google’s seemingly lax approach to privacy has drawn attention. Researcher Moxie Marlinspike dedicated time at this year’s SOURCE Conference to underscore the company’s need for more rigid security.

InfoSecurity has more on this story.
