
Gmail's Security Hole Could Lead to Mass Harvesting of Accounts

By Christopher Mims

A technique used by marketers to trick people into signing up for "free" merchandise could easily be re-deployed as an engine for harvesting untold numbers of Google account passwords. Fixing the issue won't be trivial for Google, because the exploit is fundamental to how Google allows users to recover access to their accounts when they lose or forget their passwords.

While others have reported on the use of this exploit by individual hackers, I believe what you're reading now is the first account of how it could be transformed into a mass phishing scam that could dragoon even relatively sophisticated users.

The Hack

Recently, my wife and I both received, within an hour of one another, a text like this:
Your entry last month has WON! Goto http://xxxxxx enter your Winning Code: "1122" to claim your FREE $1,000 Best Buy Giftcard!

Our phone numbers are almost identical, so the fact that we both got this text in a short period of time suggests that someone is auto-SMSing it to every number in a certain range, one after another. Which would make it classic text spam, annoying but not dangerous on its own.
