Get Anyones Google Password! – This Easy!

“I just discovered what seems to me a massive security loophole. Please someone tell me if the following makes any sense.

My son was playing on my phone (Galaxy S3). He tried to purchase in app items on Subway Surfer but didn’t know the password. So, he followed the following steps to reset my password from my phone without having to enter any information about the account:

Starting from the screen after you click “buy,”

1. Click the question mark next to the password box when asked to confirm password for a purchase.
2. Click “forgot password.”
3. Click “I don’t know.”
4. Leave the selection on the page at “Confirm password reset on my Android Samsung SCH-I535 phone.”
5. Click “Yes”
6. Click “Allow Password Reset.
7. Enter and confirm new Password.

And that allowed someone with absolutely no knowledge about my Google account, and access only to my phone, to reset a new password for my entire Google account.”

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: