Latest news with #GoogleAccount
TechCrunch
4 days ago
- TechCrunch
Google fixes bug that could reveal users' private phone numbers
A security researcher has discovered a bug that could be exploited to reveal the private recovery phone number of almost any Google account without alerting its owner, potentially exposing users to privacy and security risks. Google confirmed to TechCrunch that it fixed the bug after the researcher alerted the company in April. The independent researcher, who goes by the handle brutecat and blogged their findings, told TechCrunch that they could obtain the recovery phone number of a Google account by exploiting a bug in the company's account recovery feature. The exploit relied on an 'attack chain' of several individual processes working in tandem, including leaking the full display name of a targeted account, and bypassing an anti-bot protection mechanism that Google implemented to prevent the malicious spamming of password reset requests. Bypassing the rate limit ultimately allowed the researcher to cycle through every possible permutation of a Google account's phone number in a short space of time and arrive at the correct digits. By automating the attack chain with a script, the researcher said it was possible to brute-force a Google account owner's recovery phone number in 20 minutes or less, depending on the length of the phone number. To test this, TechCrunch set up a new Google account with a phone number that had never been used before, then provided brutecat with the email address of our new Google account. A short time later, brutecat messaged back with the phone number that we had set. 'bingo :),' said the researcher. Revealing the private recovery phone number can expose even anonymous Google accounts to targeted attacks, such as takeover attempts. Identifying a private phone number associated with someone's Google account could make it easier for skilled hackers to take control of that phone number through a SIM swap attack, for example. With control of that phone number, the attacker can reset the password of any account associated with that phone number by generating password reset codes sent to that phone. Given the potential risk to the wider public, TechCrunch agreed to hold this story until the bug could be fixed. 'This issue has been fixed. We've always stressed the importance of working with the security research community through our vulnerability rewards program and we want to thank the researcher for flagging this issue,' Google spokesperson Kimberly Samra told TechCrunch. 'Researcher submissions like this are one of the many ways we're able to quickly find and fix issues for the safety of our users.' Samra said that the company has seen 'no confirmed, direct links to exploits at this time.' Brutecat said Google paid $5,000 in a bug bounty reward for their finding.
Metro
21-05-2025
- Metro
Warning to 1,800,000,000 Gmail users over sophisticated scam
Gmail users have been warned about a highly convincing scam email thatappears to come from Google themselves. The email seems to come from no-reply@ which is the address that real security updates come from. It links to a webpage hosted by Google, too, which is another convincing sign. But the website was not made by them; it was made by scammers trying to trick you. The email claims that 'a subpoena was served on Google LLC requiring us to produce a copy of your Google Account content'. It links to a domain designed to look like Google's genuine support page. However, the real support webpage is on while the 'sites' domain is one that anyone can build a free webpage on. Ordinary users are unlikely to know or notice this, however, and could inadvertently grant scammers permissions that could allow them access, or target you with malware. Security software firm Kaspersky said that there are other clues, too. If you look closer at the email details, the to and mailed-by fields contain a jumble of letters of emails which have nothing to do with Google, showing me[@]googl-mail-smtp-out-198-142-125-38-prod[.]net and The scam was first revealed by tech developer Nick Johnson. The scammers used Google OAuth technology, which is what you see when you use your Google details to sign into a different app. Those who fell victim to the scam approved the permissions thinking they were giving Google themselves permission. It is not clear exactly what the scammers hoped to achieve by this, but could involve data theft or infecting the victim with malware. Kapersky said that when an OAuth app is registered, 'the web application administrator can manually enter completely arbitrary text in the App Name field – this is what the criminals apparently took advantage of.' The mechanism that attackers used to do this has now been shut down, which will prevent this method of attack from working in future. A Google spokesperson said: 'We're aware of this class of targeted attack from this threat actor and have rolled out protections to shut down this avenue for abuse. 'In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.' They recently issued guidance on spotting scams, saying they will not ask for any of your account credentials, including your password, one-time passwords, confirm push notifications, and will not call you. Get in touch with our news team by emailing us at webnews@ For more stories like this, check our news page. MORE: People are placing bets on which five escaped New Orleans prisoners will be caught last MORE: Stalker detective tried to 'destroy' ex's life by lying he was a paedophile MORE: School boys deny throwing massive seat over balcony at Westfield
Business Standard
20-05-2025
- Business
- Business Standard
Bharti Airtel partners with Google to officer Google One subscription to its customers
Bharti Airtel and Google, today, announced a partnership that brings a compelling Google One cloud storage subscription service for Airtel customers, helping address the mounting challenge of limited device storage. All postpaid and Wi-Fi customers will get access to six months of 100 GB Google One cloud storage at no extra cost. They will also be able to share this storage with up to five additional people. The partnership aims to address the issue of growing data storage constraints faced by users by ensuring that customers have ample space to store their cherished photos, videos, documents and other digital content without the need to frequently delete files or resort to expensive physical storage expansions. Additionally, WhatsApp chats on Android are backed up to Google Account storage which will make device switching easier for customers. The cloud storage provision is comparable with both Android and iOS platforms, making it widely accessible to Airtel's diverse customer base.
The Hindu
20-05-2025
- Business
- The Hindu
Airtel, Google team up to offer cloud storage subscription to postpaid and Wi-Fi customers
Bharti Airtel and Google on Tuesday (May 20, 2025) announced a partnership to offer Google One cloud storage subscription service for the telco's customers, to address the limitations of device storage. All postpaid and Wi-Fi customers will get access to six months of 100 GB of Google One cloud storage at no extra cost. After six months, a fee of ₹125 per month will be added to the customer's monthly bill. If a customer chooses not to continue the subscription, they can cease to be a Google One member, according to a release. The partnership seeks to address the issue of growing data storage constraints faced by users by ensuring that customers have adequate space to store photos, videos, documents and other digital content without the need to frequently delete files or resort to expensive physical storage expansions, according to the release. As an introductory offer, the 100 GB cloud storage will be available at no additional cost for six months from the date of activation, enabling customers to back up their data and taste the convenience of cloud storage. Customers will also be able to share this storage with up to five additional people. Additionally, WhatsApp chats on Android are backed up to Google Account storage, which will make device switching easier for customers. The cloud storage provision is compatible with both Android and iOS platforms, it said.
&w=3840&q=100)
Business Standard
20-05-2025
- Business
- Business Standard
Airtel, Google team up to offer cloud storage to postpaid, Wi-Fi users
Bharti Airtel and Google on Tuesday announced a partnership to offer Google One cloud storage subscription service for the telco's customers, to address the limitations of device storage. All postpaid and Wi-Fi customers will get access to six months of 100 GB of Google One cloud storage at no extra cost. After six months, a fee of Rs 125 per month will be added to the customer's monthly bill. If a customer chooses not to continue the subscription, they can cease to be a Google One member, according to a release. The partnership seeks to address the issue of growing data storage constraints faced by users by ensuring that customers have adequate space to store photos, videos, documents and other digital content without the need to frequently delete files or resort to expensive physical storage expansions, according to the release. As an introductory offer, the 100 GB cloud storage will be available at no additional cost for six months from the date of activation, enabling customers to back up their data and taste the convenience of cloud storage. Customers will also be able to share this storage with up to five additional people. Additionally, WhatsApp chats on Android are backed up to Google Account storage, which will make device switching easier for customers. The cloud storage provision is compatible with both Android and iOS platforms, it said. (Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
