While Red Herring
reports that Gmail was vulnerable to hacking, Google says Gmail was never
hacked and that Gmail users were never at any serious threat.
According to Google, the vulnerability would only work if someone knowingly
provided the authentication token that appears in the browser address field
after someone logs in. The token is that big stream of numbers and letters, such
I’ve bolded it (and the characters are just something I made up, but they
illustrate what you might see when logging in).
If you were to give that URL to someone else, then with further work, they
might be able to log-in to your account.
Of course, if you were to give someone your Gmail account name and password,
they might be able to log-in your account as well. Neither situation is likely,
but the latter is much more in the realm of possibility.
Regardless, Google says it’s since fixed the vulnerability, just to be
absolutely safe. As for solving the problem of people sending their much more
easily accessible log-in information, that remains up to the user, of course.
FYI, the 5 million Gmail user number in the story didn’t come from Google,
the company says. It says it still has never disclosed the total number of Gmail
users out there.