Google Friend Connect Exploit Allows Users To Harvest Emails
By Keith Dsouza on November 20th, 2010

TechCrunch is reporting that an exploit in Google Friend Connect is allowing users to harvest the email addresses of logged-in users who visit a website. The addresses were harvested when users visited guntada.blogspot.com, which is now blocked by Google.

According to TechCrunch, this happened when you were logged in to your or Google account. However, only your email address was harvested, so this is not only a big security hole but also a big privacy breach.

[Image: Google FriendConnect Exploit Email]

Once you visited the said site, you would receive an email at your logged-in address, as shown above. Scary, right? Google is already fixing it as we speak; we will update this post once we receive an update from Google.

Update: Google Spokesperson Lily Lin sent us the following statement:

We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account. We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to security@google.com.

Author: Keith Dsouza