Serious Warning Issued For Millions Of Google Gmail Users

  • 21-05-2022, 22:20

    INA - BAGHDAD 


    Gmail is the world's most popular email service, and it is also known as one of the most secure. But a dangerous exploit might make you rethink how you want to use the service in future.

    In an eye-opening blog post, security researcher Youssef Sammouda has revealed that Gmail's OAuth authentication code enabled him to exploit vulnerabilities in Facebook to hijack Facebook accounts when Gmail credentials are used to sign in to the service. And the wider implications of this are significant.

    Speaking to The Daily Swing, Sammouda explained that he was able to exploit redirects in Google OAuth and chain them with elements of Facebook's logout, checkpoint and sandbox systems to break into accounts. Google OAuth is part of the 'Open Authorization' standard used by Amazon, Microsoft, Twitter and others, which allows users to link accounts to third-party sites by signing into them with the existing usernames and passwords they have already registered with these tech giants.

    Sammouda reports no vulnerabilities using other email accounts. He does stress that it could potentially be applied more widely "but that was more complicated to develop an exploit for." He states Facebook paid him a $44,625 'bug bounty' for its role in this vulnerability. Facebook has subsequently patched the vulnerability on its side.