Video Edit: Ran Zimet, Narrated by: Guy Goren
A major Gmail breach allows users to claim the passwords of other Google users and take over private data. The breach was discovered by an Israeli product manager at Walla!, simply by following Gmail's password restoring options.
The video shows how we managed to hack another user's Gmail account from a computer located within the company, which allegedly put all of the employee's data at risk.
It's important to mention that the hacking process was held with the consent of the person whose Gmail account was hacked and that breaking into Google accounts is illegal.
It seems that the breach is possible only within an organization, because most companies use an internal network; as a result, all computers within the organization share the same IP address (that of the network).
"Discriminant information security is a serious hazard," says Doron Sivan, MADSEC CEO. "Once a hacker successfully connects to the corporate network and browses through the Internet, he can bypass the user authentication mechanism. Thus, he can take control of the mail account and access e-mail and sensitive information. The problem is the fact that Gmail detects the number of users turning to it through the same IP address and therefore assumes that they are workers in the same organization. Thus it allows you to reset your password more easily. Many organizations tend to use Gmail for e-mail purposes; the duty is on these organizations and Google to be aware of this security problem."
We've contacted Google for a response and we'll publish it as soon as it gets in.