Google’s program that pays people to discover security issues has another winner: a Pakistani student named Ahmed Mehtab. Mehtab, a student and hacker, has discovered a new security issue in Gmail that would allow anyone to steal someone else’s Gmail account by following a series of relatively simple steps. The problem arises when a user decides to associate two Gmail accounts, one that belongs to them and one that belongs to someone else. When the second account is submitted, an automated email is sent to that account so its owner can confirm whether he or she wishes to link both accounts. However, if the account has any kind of problem, the email is sent back with the verification code, and the hacker is therefore able to link both accounts successfully without the owner’s consent.
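The failure described above, a bounced confirmation email that still carries its verification code, can be reproduced with Python's standard email library. This is an added example, not code from Google or from the original report; the addresses, the code value and the bounce layout are constructed assumptions, since the article does not say how the returned message is built.

```python
from email.message import EmailMessage

CODE = "493817"  # constructed sample verification code


def verification_mail(code):
    """Confirmation mail sent to the account that someone asked to link."""
    msg = EmailMessage()
    msg["From"] = "requester@example.com"  # constructed addresses
    msg["To"] = "target@example.com"
    msg["Subject"] = "Confirm account link"
    msg.set_content(f"Confirmation code: {code}\n")
    return msg


def bounce(original, headers_only):
    """Build a simplified non-delivery notice addressed to the original sender."""
    dsn = EmailMessage()
    dsn["From"] = "mailer-daemon@example.com"
    dsn["To"] = original["From"]
    dsn["Subject"] = "Delivery failed"
    dsn.set_content("The recipient's mailbox could not accept the message.\n")
    if headers_only:
        # Safer form: return only the header block (text/rfc822-headers),
        # which identifies the failed message without echoing its body.
        headers = "".join(f"{k}: {v}\n" for k, v in original.items())
        dsn.add_attachment(headers, subtype="rfc822-headers")
    else:
        # Weak form: attach the whole original message (message/rfc822),
        # so the secret in the body travels back with the bounce.
        dsn.add_attachment(original)
    return dsn


def leaks_code(message, code):
    """True if the serialized message contains the verification code."""
    return code in message.as_string()


if __name__ == "__main__":
    mail = verification_mail(CODE)
    for headers_only in (False, True):
        notice = bounce(mail, headers_only)
        print(f"headers_only={headers_only} leaks_code={leaks_code(notice, CODE)}")
```

A verification flow that only trusts a code delivered to a mailbox should make sure no failure path returns the message body to whoever requested the link.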
The targeted Gmail account must have a problem
This trick only works if the victim’s Gmail account has some kind of problem that causes the activation email to be sent back, but this is something that happens very often, for example when the Inbox is full of emails and needs to be cleaned up. This issue, described thoroughly at securityfuse.com, will allow Ahmed to win a 20,000 dollar reward, although Google has yet to comment on the topic, so the prize may change.
This security issue is pretty basic, but it shows that even the safest platforms nowadays are bound to have security flaws. Digital criminals have many ways to get to their targets, and they could very well send trial emails to thousands of accounts to check which ones are having problems before attempting to take them over. To avoid being a victim of this issue, we recommend keeping enough room in your Inbox for new emails and checking your Gmail account often to make sure it is still yours!