Gaping hole in Gmail Privacy  

Posted by NoeL in , ,

I came across a an interesting blog post showing how to get the name of a Gmail account. Since the bug was visible through Google Calendars I hoped that it was maybe limited to users who had signed up for Google Calendar. This is not the case.

Ever wondered what name is behind some obscure gmail address? Maybe your preferred gmail address was taken and you’re wondering who took it?
Here’s a cute vulnerability in the gmail system that comes from the strong tie-ins between gmail, the google calendar and all the other services.


What you have to do for finding the names is:-

  1. Go to Google Calendar.
  2. On your left side, go to the 'Share this Calendar' TAB.
  3. Enter the email address of which you are interested to find the details in 'person' box.
  4. Click ‘add person’ and ’save’.
  5. If you are told that the user is not using Google Calendar and whether to send an invite to him, say 'NO'.
  6. Now return to 'Share this Calendar' TAB. Here you will see the first and last name of the person along with the gmail address.

It is that simple!! Now try who uses admin@gmail.com emal address. :) If you are still not clear with the procedure, go here.

We can just hope Google finds out this ASAP and fixes it!
Privacy is at Stake!!

NoeL

NB: Many cases, people use false names. Still, it is a problem.

Update: 20/07/2008
Google has addressed this issue. Now the name is not being displayed!

This entry was posted on Thursday, July 17, 2008 at Thursday, July 17, 2008 and is filed under , , . You can follow any responses to this entry through the comments feed .

0 comments

Post a Comment

Bookmark

Legal Disclaimer

I study at European Business School, Oestrich-Winkel. The opinions expressed here are my own, and neither European Business School, Oestrich-Winkel nor any other party necessarily agrees with them.