This is a truly scary story: David Airey got his domain stolen because of a Gmail vulnerability.
Short story: it was (it seems to be fixed now) possible to create filters on Gmail just by visiting a link or, say, loading a hidden frame on a malicious website. For example, create a filter that forwards to evilguy@evilhost.com any email containing the word "password" and you're pretty much stealing everything from everyone. Long story: David's experience, or just the technical proof of concept and explanations.
Number one item on your to-do list: check your Gmail filters right now and see if there is any suspicious forward you can't remember setting up.
Thanks so much for helping spread the news.
It's a setback for me, but I know I can recover in a stronger position than before. Especially with the help of people like you.
Have a wonderful Xmas and an even better new year!
A really, really scary story.
I'm checking my filters now.
Wishing you a prosperous new year!
Have a nice day ahead!
My Gmail account has been compromised and hijacked. The person who hijacked my account has gained access to personal information, bank, other accounts… They have threatened my family.
I have been trying to contact Google and have them shut down or restore the account to myself. I have sent them as much information as they would require. However, for over a week now nothing has been done. I am still receiving emails and threats for this other person under my Gmail account.
Pretty sad when other companies such as eBay, PayPal were eager to assist, yet I cannot get any response from Google security.
Someone gained access to my Facebook account and deleted information. I changed my password and everything, but is there anything else I can do to find out what happened or who or what was behind it?
Jeffery » Sure: you can cry, pray, revolt, or even ignore everything.