Gmail Security Hole Harvesting Accounts?

A technique used by marketers to trick people into signing up for “free” merchandise could easily be re-deployed as an engine for harvesting untold numbers of Google account passwords. Fixing the issue won’t be trivial for Google, because the exploit is fundamental to how Google allows users to recover access to their accounts when they lose or forget their passwords.

While others have reported on the use of this exploit by individual hackers, I believe what you’re reading now is the first account of how it could be transformed into a mass phishing scam that could dragoon even relatively sophisticated users.

Source: Gmail’s Security Hole Could Lead to Mass Harvesting of Accounts