Google Accounts Hackable

January 12th, 2007

Not even a company with some of the best programmers and engineers of this generation are safe from crackers. Tony Ruscoe was able to find a loophole in a new feature Google rolled out recently.

Using this loophole he managed compromise a Google account and:

• Get into Google Docs & Spreadsheets application and read and modify documents.
• Read subjects from Gmail inbox, as well as the first few words of emails, by adding a Gmail module to the Google Personalized Homepage
• View the Google Accounts Page
• Enter Google Reader
• Read private Google Notebook
• View complete Google search history

It’s a pretty nightmarish [Orwellian almost?] situation with big brother Google is storing vast quantities of personal data about you. One account slip up and you leave your work, personal and financial details open to potential crackers.

Fortunately, Tony isn’t a malicious hacker, he’s a nice chap [or so I’m told] and the first thing he did was report the loophole to the Google security team. The vulnerability was of a very special kind and because Tony “claimed” this loophole, it has blocked it for other would-be abusers. This means, in this particular instance there is no longer a security issue, so don’t go deleting your Google account just yet.

Story via: Google Blogoscoped