Google Account Loophole Discovered!

Tony Ruscoe has spotted a security loophole through which hackers can gain access to your emails, docs, and spreadsheets, read your feeds in Google Reader, check your search history, or even see your reading habits on Google Personalized Home. All of this can be accomplished simply by getting a user who is logged into his Google Account to visit a page that contains a script. This script would send the user’s cookie to the hacker.

As a proof of concept, Tony asked Philipp Lenssen from Google Blogoscoped to visit his page (which was hosted on a trustworthy google.com sub-domain), and it proved successful. Luckily, Tony wasn’t one of the nasty hackers. He immediately alerted the Google Security Team to this issue and they fixed it right on time.

Thanks for saving the day, Tony!

This post was published on January 13, 2007

About the Author: Thilak Rao works as a Social Media Expert. He is one of the first professional bloggers from India, and he loves to write, travel and click photos. Follow him on Twitter @thilak

  • http://www.techlive.co.nr Phalgun

    Yeah thanks for saving our google accounts! :)

  • http://garryconn.com Garry Conn

    Wow,

    This is an article all of us “Bloggers” might want to post and spread the word about! I have always been wondering when this would happen.

    - Garry

  • http://bryansrants.com/ Bryan

    That is crazy. I use Google Reader and never knew it was hackable. You might be wondering who I am. My name is Bryan and I stumbled across your blog from a friend's blog. I really like the look and the content. I am going to be adding it to Google Reader, ironic I know.

  • http://tech-buzz.net Thilak

    Garry: You're a Yahoo guy or what?

    Bryan: Thanks for adding me into your reading list :D

  • http://garryconn.com/links/ Garry Conn

    Nope… I used to be many years ago.

    I guess what I meant to say was, because of how popular Google is, I am not surprised to see people trying to attack it and its services. I still remember quite a few months back when their official blog site got hacked into…