Google Blogoscoped

Forum

Mistakenly Logged In to Google As Someone Else?  (View post)

barry ni [PersonRank 0]

Tuesday, May 19, 2009
15 years ago5,798 views

this happened to me about two years ago in orkut.com, i had been away from the page for a few minutes, when i returned and hit the settings button i had moved into another identity: a Brazilian guy.

i always wondered what i would do in this situation and all i did was logoff. however it worried me as to the security of the site and i left orkut for facebook.

barry.

[Signature removed – Tony]

Bob Jones [PersonRank 2]

15 years ago #

I wonder if it's a Google issue, or, more likely, an ISP or country issue. Singapore could be, probably is, censoring the net, and this can lead to traffic flowing through one network. Else, an ISP is doing something that causes this for its customers.

Tony Ruscoe [PersonRank 10]

15 years ago #

When this happened before, it was an issue with ISP proxy servers. At the time, Matt Cutts posted an official Google response on the Google Operating System blog:

<< We had an isolated bug in our interaction with a proxy server in Singapore, and we've reached out to the local ISP to straighten this out. The Google Reader team has already pushed a fix; we will take steps on our side to prevent this from happening again. If you see any more instances, please contact us here: http://www.google.com/support/accounts/bin/request.py?contact_type=general&ctx=reader >>

Here's the post:
http://googlesystem.blogspot.com/2007/07/users-report-gaining-access-to-random.html

Priyadarsan Venugopalan [PersonRank 1]

15 years ago #

Thanks Philipp for the post.

if it's the issue with the ISP, why isn't this issue seen in Yahoo or any other accounts?. Is it with the login mechanism google use?

torgeir [PersonRank 1]

15 years ago #

or, you could be experiencing a login csrf attack, where an attacker logs you in to google on her account to log and extract your searches etc

Roger Browne [PersonRank 10]

15 years ago #

A proxy server is effectively a "man in the middle", and any misconfiguration can cause problems such as these.

You can protect yourself against wayward proxy servers by always using HTTPS, but then you don't get the performance benefits of the proxies.

You can get the "best of both worlds" by using HTTPS only for private pages like Gmail which a proxy server has no legitimate reason to mess with.

Jason [PersonRank 0]

15 years ago #

This happened to me on Monday. I was browsing Google Groups when I noticed that all of a sudden my account name had changed. Just for the heck of it I posted an answer and saw the other person's name as having answered it. When I changed to Google Mail and some other services, I was asked to log in again.
This was through my own adsl connection, no proxy server.

Jason [PersonRank 0]

15 years ago #

BTW, this happened in Bangkok where I live.

Stephan Locher [PersonRank 9]

15 years ago #

Could be some Transparent Proxy Server, or is this even happening when you use a VPN to another ISP abroad?

Priyadarsan Venugopalan [PersonRank 1]

15 years ago #

Hooray!

I got a response from google today.

Hi Priyan,

The issue you're describing was reported by a small number of users
visiting a Google Help Center page from your ISP. As you described, those
users could become partially logged into the account of a recent viewer of
the same page from the same ISP. We have fixed the issue completely, and
we apologize for any inconvenience.

Thanks very much for reporting it to us.

Regards,
Manuel for
The Google Security Team

http://priyadarsan.blogspot.com/2009/05/google-providing-access-to-other-user.html

Jason [PersonRank 0]

15 years ago #

Perhaps not fixed enough... i received email notification today that someone had just answered two questions that were placed in Google Help under my account name. Needless to say, it wasn't me.

Priyadarsan Venugopalan [PersonRank 1]

15 years ago #

Jason, It might be because, that "someone" might have checked the option to receive alerts, when he was logged in using your account (mistakenly, ofcourse). You can now go to the form threads, to uncheck that option and live peacefully :)

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!