We’re just learning of a newly found exploit that could potentially have led hackers into your Google account and, from there, into other accounts you might have linked to your Google+ email (the exploit has since been fixed). Tom Anthony writes about the exploit in his blog dated today. Read the tl;dr below.
I found a bug that allowed me to find anyone with a Google+ account’s login email address (even if they chose not to share it). This could be used to target specific people or just crawl Google+ collecting emails, and tying them easily to other social accounts as step one of something nefarious (e.g. spear phishing, or other account compromise). This has now been fixed by Google’s security ninjas.
It’s very awesome that Google has fixed the issue so quickly, but I am certain there are a few people who may have been affected. We personally know someone who was, and they are in the process of trying to fix the security issues caused by whoever hacked their account. Even with two-step authentication, their account was compromised. Google hasn’t issued any press release on the situation just yet (we will keep an eye out for that).
So keep your eyes peeled for any strange activity on your Google+ account and be sure to change passwords as a safety precaution. We are definitely moving into a new era of cyber criminal activity and we should all be on our guard to protect ourselves from these types of compromises. We’re lucky that Google (and guys like Tom Anthony) are skilled enough to catch these things quickly and address them quickly. Companies like Google and Apple are on top of things consistently, but how many other companies aren’t? I say, if you’re going for a degree, now is the time to think about majoring in Computer Security. We’re gonna need more good people to combat the bad. What are your thoughts on cyber criminals? Let us know in the comments below or on Google+, Twitter and Facebook.