Andy Greenberg reports:
Until recently, anyone may have been able to assemble a list of every Gmail account in the world. All it would have taken, according to one security researcher’s analysis, was some clever tweaking of a web page’s characters and a lot of patience.
Oren Hafif says that he found and helped fix a bug in Google’s Gmail service that could have been used to extract millions of Gmail addresses, if not all of them, in a matter of days or weeks. The trick would not have exposed passwords or otherwise allowed easy access to those accounts, but could have left users vulnerable to spam, phishing or password-guessing attacks. The bug may have existed for years.
Read more on Wired.
Thanks to Joe Cadillic for this link.