I get the sense that there was a time when Google would have not have trusted an off-the-shelf solution like Salesforce, and would have built their own in-house thing.
I'm dubious. This requires you give google a phone number. Almost universally if you give a company a phone number there is eventually an avenue for an attacker to convince the company to give them control of the account by demonstrating control of the number (which they've sim swapped or otherwise hijacked).
Even if at the moment there is no avenue to exploit google this way (also doubtful), all it takes is some new product (like workspaces) that has a different security understanding or new bugs to open a vector.
This article links to a Forbes article that states it was a leak of a Saleforce instance that contained contact information about small and medium businesses.
This PCWorld article seems to be taking that to mean that every single gmail account (2.5B) is at risk with nothing to support that claim.
8 comments
[ 4.8 ms ] story [ 32.4 ms ] threadUntil it happens to them.
A quick search/prompt shows:
- Operation Aurora: <https://en.wikipedia.org/wiki/Operation_Aurora>
- 2010s global surveillance disclosures: <https://en.wikipedia.org/wiki/2010s_global_surveillance_disc...>
I'm dubious. This requires you give google a phone number. Almost universally if you give a company a phone number there is eventually an avenue for an attacker to convince the company to give them control of the account by demonstrating control of the number (which they've sim swapped or otherwise hijacked).
Even if at the moment there is no avenue to exploit google this way (also doubtful), all it takes is some new product (like workspaces) that has a different security understanding or new bugs to open a vector.
https://news.ycombinator.com/item?id=44812343
https://cloud.google.com/blog/topics/threat-intelligence/voi...
This PCWorld article seems to be taking that to mean that every single gmail account (2.5B) is at risk with nothing to support that claim.