A few months ago, Twitter was hacked by means of a clever, yet somewhat obvious approach. Today, I saw the following alert on my Gmail account, which is meant to close that hole. I’m often impressed by Gmail, and this is great to see:
Hey, this is important: If you ever lose access to your account, you can send password reset info to [firstname.lastname@example.org]. This address is correct | Update this address
What happened in the case of Twitter was that the attacker did the following:
- Figured out the Gmail address of a Twitter employee
- Went to Gmail’s password recovery page and requested a reset for that address
- The recovery page revealed that the reset email would be sent to a specific Hotmail address (the employee’s secondary address)
- That Hotmail account had been closed for inactivity, which freed the address up for anyone to register
- The attacker registered the Hotmail address for himself
- The attacker then requested another password reset, which was promptly delivered to the Hotmail account he now controlled
- This gave the attacker complete control of the Twitter employee’s Gmail account (and, through the mail in it, a lot of other things)
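To make the failure mode concrete, here is a small model of the attack and of a mitigation, written for this post rather than taken from Gmail or Twitter. Everything in it is hypothetical: the provider and account names are invented, and the "refuse to mail a reset token to a recovery address that has not been confirmed recently" policy is my assumption about what a confirm-your-recovery-address prompt can be made to enforce, not a description of what Gmail actually does.

```python
import secrets

DAY = 24 * 3600


class MailProvider:
    """Stand-in for a webmail service (hypothetical) that expires mailboxes after a
    period of disuse and then lets anyone re-register the same address."""

    INACTIVITY_LIMIT = 90 * DAY

    def __init__(self):
        self.boxes = {}  # address -> {"owner", "last_seen", "inbox"}

    def register(self, address, owner, now):
        box = self.boxes.get(address)
        if box is not None and now - box["last_seen"] < self.INACTIVITY_LIMIT:
            raise ValueError(f"{address} is still held by its current owner")
        # Expired or never used: the address becomes a brand-new mailbox for the new owner.
        self.boxes[address] = {"owner": owner, "last_seen": now, "inbox": []}

    def deliver(self, address, message):
        box = self.boxes.get(address)
        if box is not None:  # mail to an expired, unclaimed address is simply dropped
            box["inbox"].append(message)

    def read(self, address, owner):
        box = self.boxes[address]
        if box["owner"] != owner:
            raise PermissionError("not your mailbox")
        return list(box["inbox"])


class IdentityProvider:
    """Stand-in for the account whose password can be reset via a recovery address."""

    REVERIFY_WINDOW = 30 * DAY  # assumed policy: recovery address confirmed this recently

    def __init__(self, mail, require_fresh_confirmation):
        self.mail = mail
        self.require_fresh_confirmation = require_fresh_confirmation
        self.accounts = {}  # username -> {"recovery", "confirmed_at", "token", "password"}

    def add_account(self, username, password, recovery, now):
        self.accounts[username] = {"recovery": recovery, "confirmed_at": now,
                                   "token": None, "password": password}

    def confirm_recovery(self, username, now):
        """The user clicks 'This address is correct' on the alert."""
        self.accounts[username]["confirmed_at"] = now

    def request_reset(self, username, now):
        """Mail a one-time reset token to the recovery address.
        Under the strict policy, refuse (and send nothing) when the recovery
        address has not been confirmed within REVERIFY_WINDOW."""
        acct = self.accounts[username]
        if self.require_fresh_confirmation and now - acct["confirmed_at"] > self.REVERIFY_WINDOW:
            return False
        acct["token"] = secrets.token_urlsafe(16)
        self.mail.deliver(acct["recovery"], "reset-token:" + acct["token"])
        return True

    def reset_password(self, username, token, new_password):
        acct = self.accounts[username]
        if acct["token"] is None or not secrets.compare_digest(token, acct["token"]):
            return False
        acct["token"] = None  # single use
        acct["password"] = new_password
        return True

    def login(self, username, password):
        return self.accounts[username]["password"] == password


def token_from(inbox):
    """Pull the token out of the most recent reset mail in an inbox."""
    for msg in reversed(inbox):
        if msg.startswith("reset-token:"):
            return msg.split(":", 1)[1]
    return None


def run_attack(require_fresh_confirmation):
    """Replay the Twitter-employee scenario; True means the attacker got in."""
    mail = MailProvider()
    idp = IdentityProvider(mail, require_fresh_confirmation)
    mail.register("victim-old@hotmail.example", "victim", 0)
    idp.add_account("victim", "hunter2", "victim-old@hotmail.example", 0)
    later = 730 * DAY  # two years on, the Hotmail box has lapsed
    mail.register("victim-old@hotmail.example", "attacker", later)  # attacker claims it
    if not idp.request_reset("victim", later):
        return False  # strict policy: no token was ever mailed
    token = token_from(mail.read("victim-old@hotmail.example", "attacker"))
    idp.reset_password("victim", token, "pwned")
    return idp.login("victim", "pwned")


def run_legit_reset():
    """A user who confirmed the alert yesterday can still recover under the strict policy."""
    mail = MailProvider()
    idp = IdentityProvider(mail, require_fresh_confirmation=True)
    now = 400 * DAY
    mail.register("me@hotmail.example", "me", now - DAY)
    idp.add_account("me", "hunter2", "me@hotmail.example", 0)
    idp.confirm_recovery("me", now - DAY)
    if not idp.request_reset("me", now):
        return False
    token = token_from(mail.read("me@hotmail.example", "me"))
    return idp.reset_password("me", token, "new-pass") and idp.login("me", "new-pass")
```

With the policy off, `run_attack(False)` succeeds exactly as in the steps above; with it on, the reset is refused because nobody has confirmed the recovery address in two years, while `run_legit_reset()` still works for a user who answered the alert. The caveat is that freshness is only a bound: an address confirmed yesterday can still be reclaimed tomorrow, so the window has to be short and the confirmation has to be of the mailbox itself, not just a click on the account side.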
The new alert that Gmail is now popping up prompts you to confirm or update your recovery address, which is exactly the stale link the attacker exploited. It only helps if people actually act on it, and an address that is correct today can still lapse and be re-registered later, so the check is worth repeating periodically rather than once. Still, it addresses the root of the problem rather than the symptom. Well done Gmail.
I love getting feedback and comments. Make my day by making a comment.