Gmail Password Retrieval Vulnerability May Lead to Mass Hacking Attempts

May 22, 2012, By Sanjeev Ramachandran

If you think Google always comes out on top in securing your data and personal information on the web, that is not always true. Web security analysts now feel that the password recovery options in Gmail can be an easy way for hackers to get access to hundreds of Gmail accounts.

At present, one way to recover a forgotten password is to ask Google to send an account verification code to the mobile phone number associated with the account; with that code, the account can be accessed and the password reset.

But in fact, anybody who knows your number can ask Google to send a verification code to your phone.

This method is considered secure because it assumes that no one except the user of the phone can get access to the verification code. But that is where the vulnerability lies.

There are multiple reported instances where this vulnerability was used by individual hackers. But analysts feel that if hackers deploy the usual tactics used by marketers, they can easily harvest personal information on Gmail accounts through large-scale phishing.

After requesting Gmail to send verification codes to a number of mobile numbers, which they can collect through social networking sources, hackers can bombard the victims with messages that tempt them to send the verification code they received on their phones to a given number in order to get rewards. Once they have the verification codes, it is easier for the hackers to access the accounts.

Because Google asks for a password reset as the next step, the original user will be shut out of the account forever. So be careful when answering messages on your phone, and stay vigilant so that you do not lose access to your account.

