Obviously there was a bug that could easily steal the Google+ login email address

ByNtr 23

Online marketing companyDistilledServe as a consultant atTom AnthonyHas discovered a bug that allows you to look at the email address you use when logging in with your Google+ account.

Google Exploit - Steal Account Login Email Addresses Tom Anthony

Anthony can get it when he reports on his own study and Google's security holeRewardOften it seems that Google is searching for bugs. He seems to have reported bugs before, but he seems to have been able to exploit this thing very simple but easily.

A unique ID is allocated to each account of Google+. For example, the following account has the ID as it is in "103112588675637065591" part of the URL.

Fred Wilson - Google+

Anthony's account URL does not have a direct ID, but if you mouse over to Anthony's user name or copy the link's URL, you can easily see that the ID is "114756468015607312300".

If you look at the ID in the source of the Google + page, IDs are written to the source in the form of "id =" (Anthony's ID) "or" oid = "(Anthony's ID)" I understand.

Tom Anthony - Google+

バグを使って他人のGoogle+アカウントのログインメールアドレスを抽出する方法は非常に簡単で、「https://www.google.com/settings/dashboard」に「?uq=アドレスを知りたい相手のGoogle+ID」を付け足してOther people's dashboard(It is now being redirected to the dashboard of my account). The login screen opens.

When you log in by entering your Google Account login information here, you will see "Other people's account name + email address you tried to open" and "My account name + email address" like this and this will appear as a Google+ account It seems that the e-mail address you are using is easy to steal.

Furthermore, Anthony who found a bug reported that this bug was reported to Google on March 4, and received a bug fix report on 7th.

in Note,   Web Service, Posted by logu_ii