Gmail

Google has fixed a bug in its Gmail account retrieval and password reset process that could have allowed an attacker to fool a user into handing over their details. The bug, discovered by white-hat hacker Oren Hafif, was confirmed as a ‘high impact’ vulnerability by Googler Sebastian Roschke on Google+. While we won’t go into the technical details of how Hafif pulled off the hack, you can see a quick overview of the spear-phishing attack in the video embedded at the site below. One of the worrying things is that, as part of the process, the user is actually directed to a genuine HTTPS Google.com webpage at one point. While it’s a concern to have any password reset system go awry, it is particularly troubling when it’s also your Gmail password.

Read the full story at The Next Web.
