Quote:
Originally Posted by svandamme
.......
Why would there be a problem?
Any email to stijn.vandamme@gmail.com would end up in the stijnvandamme@gmail.com mailbox
and when the user replies, it will be from stijnvandamme@gmail.com since gmail doesn't do dots.
How would a hacker in that way get access to the account? the password is still there.
You can't login to the mailbox without it.
The only way I can see an issue, if at some point they did allow a . in the adress but not in their routing.
Which would be a bit of a split brain problem and then you supposedly could get the mails to change routing, if the target has a dot, and you slip in with the same adress without a dot. |
IIRC the issue was usernames, they allowed it on account creation so your.name and yourname were seen as unique accounts.
And the issue was not getting access to gmail, it was every account / service you used that gmail address with.
We all know email address lists get stolen 24/7.
So parse the list for any gmail addresses containing names with periods.
Now create a new account without the period and you will get the original accounts mail.
Forgot your username, we’ll send it to your email on file.
Forgot your password, we’ll send a reset link to your email on file.
These days when you try to create a new gmail address with a period in it gmail actually pops up text in red that says someone already has that username and that gmail ignores periods.
I would not bother googling that **** up because, well, gmail is google, as we know.
But trust me, this was a thing.