A security researcher uncovered a vulnerability in Google's account recovery feature that allowed the researcher to retrieve the private recovery phone number of any Google account without alerting its owner. The bug, which involved a method of bypassing Google's anti-bot protections, enabled brute-force attacks to reveal sensitive information in as little as 20 minutes. Following the researcher's disclosure to Google, the company confirmed that the issue has been rectified. The exposure is a serious privacy risk, as access to an account's recovery number can lead to potential attacks on user accounts.
In a significant privacy breach, an independent security researcher demonstrated that a bug in Google's account recovery system could expose users' private recovery phone numbers without alerting them.
The researcher successfully exploited a flaw in Google's recovery feature that allowed them to brute-force a Google account's recovery phone number in under 20 minutes.