Merge: charon (05/10 08:18 GMT): SoylentNews Submission

Merge: charon (05/10 08:18 GMT)

Accepted submission by charon at 2017-05-10 08:18:31

[please merge with #20089, Google: attack affected “fewer than 0.1 percent” of Gmail users]

butthurt [soylentnews.org] writes:

According to a Motherboard article [vice.com], the attacker was able to use OAuth [wikipedia.org] to impersonate Google, and a security researcher says

[...] he warned Google directly about this vulnerability in 2012, and suggested that Google address it by checking to [...] ensure the name of any given app matched the URL of the company behind it.

Google: attack affected “fewer than 0.1 percent” of Gmail users

butthurt [soylentnews.org] writes:

TidBITS reports [tidbits.com] on a malicious e-mail

[...] that appeared to be an invitation from a known correspondent to join a Google Doc. However, the linked Web page requested that you grant access to an app that looked like Google Docs, but was instead an app that sent spam to people in your contact list.

According to Google, "no other data was exposed" besides the contact lists and the attack was stopped after about an hour, with "fewer than 0.1 percent" of Google Mail (Gmail) users affected.

additional coverage:

The Atlantic [theatlantic.com]
Recode [recode.net]
Slate [slate.com]
PC World [pcworld.com]
The Next Web [thenextweb.com]

Original Submission #1 Original Submission #2

SoylentNews

SoylentNews is people

Navigation

Sections

SoylentNews

Submission Preview