Google has fixed a bug in its Gmail account recovery and password reset process that could have allowed an attacker to trick a user into handing over their credentials. The bug, discovered by white-hat hacker Oren Hafif, has since been fixed and was confirmed as a ‘high impact’ vulnerability by Googler Sebastian Roschke on Google+. While we won’t go into the technical details of how Hafif pulled off the attack, you can see a quick overview of the spear-phishing scenario in the video embedded at the site below. One of the worrying aspects is that, as part of the process, the user is at one point directed to a genuine HTTPS Google.com page, which makes the attack harder for a victim to spot. While any password reset system going awry is a concern, it is particularly troubling when the password at stake is your Gmail password.
