Gmail handing out contact lists

I have precisely three contacts in my database, and one of those steadfastly refuses being synced to the Blackberry so I’m not worried either way. But for the very popular set who also happen to be cheap enough to use a free email service and silly enough to store their Rolodex in one, Gmail might pose a problem.

Gmail’s JSON platform allowed websites to hijack users’ contact lists – the site appended what’s termed a “callback” variable in the URL, and when a user that was logged into Gmail came by the hacker extracted said information. Harvesting with a twist.

Google was quick to fix the problem, but the underlying risk remains. If you leave your data on someone else’s servers, you are beholden to their security force, however strong or weak it may be. It isn’t the first time something like this has happened at a large free email service provider, and it won’t be the last.

My veterinarian and pizza delivery guy are still safe.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.