The weakness in Google’s password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks.
First seen on darkreading.com
Jump to article: www.darkreading.com/vulnerabilities-threats/google-bug-brute-forcing-phone-number
