Hackers Could Have Been Abusing This Bug To Get Gmail Addresses For Years

A major bug in Google’s Gmail service was recently patched, but until now, all it took to find potentially every Gmail address in the world was a few keystrokes, Wired reports.

Tel Aviv-based security researcher Oren Hafif discovered the bug and helped Google fix the problem. Before he did that, he experimented, setting up a program that uncovered 37,000 Gmail addresses in about 2 hours, he told Wired.

“I have every reason to believe every Gmail address could have been mined,” Hafif told Wired. He added that any business using Google to host its emails was also vulnerable.

The bug involved an account-sharing feature that lets users delegate access to their accounts. Discovering email addresses is as simple as changing a few characters in a URL. Hafif uploaded a how-to video to his YouTube channel.

Hafif reported the bug to Google, who fixed it after about a month. The company paid the security researcher $US500 under its bug bounty program, which Hafif thought was a little low.

“Being a good person is not very profitable these days,” he said with a smiley face on Twitter.

NOW WATCH: Tech Insider videos

Want to read a more in-depth view on the trends influencing Australian business and the global economy? BI / Research is designed to help executives and industry leaders understand the major challenges and opportunities for industry, technology, strategy and the economy in the future. Sign up for free at research.businessinsider.com.au.