this happened to me about two years ago in orkut.com, i had been away from the page for a few minutes, when i returned and hit the settings button i had moved into another identity: a Brazilian guy.
i always wondered what i would do in this situation and all i did was logoff. however it worried me as to the security of the site and i left orkut for facebook.
barry.
[Signature removed – Tony] |
I wonder if it's a Google issue, or, more likely, an ISP or country issue. Singapore could be, probably is, censoring the net, and this can lead to traffic flowing through one network. Else, an ISP is doing something that causes this for its customers. |
When this happened before, it was an issue with ISP proxy servers. At the time, Matt Cutts posted an official Google response on the Google Operating System blog:
<< We had an isolated bug in our interaction with a proxy server in Singapore, and we've reached out to the local ISP to straighten this out. The Google Reader team has already pushed a fix; we will take steps on our side to prevent this from happening again. If you see any more instances, please contact us here: http://www.google.com/support/accounts/bin/request.py?contact_type=general&ctx=reader >>
Here's the post: http://googlesystem.blogspot.com/2007/07/users-report-gaining-access-to-random.html |
Thanks Philipp for the post.
if it's the issue with the ISP, why isn't this issue seen in Yahoo or any other accounts?. Is it with the login mechanism google use? |
or, you could be experiencing a login csrf attack, where an attacker logs you in to google on her account to log and extract your searches etc |
A proxy server is effectively a "man in the middle", and any misconfiguration can cause problems such as these.
You can protect yourself against wayward proxy servers by always using HTTPS, but then you don't get the performance benefits of the proxies.
You can get the "best of both worlds" by using HTTPS only for private pages like Gmail which a proxy server has no legitimate reason to mess with. |
This happened to me on Monday. I was browsing Google Groups when I noticed that all of a sudden my account name had changed. Just for the heck of it I posted an answer and saw the other person's name as having answered it. When I changed to Google Mail and some other services, I was asked to log in again. This was through my own adsl connection, no proxy server. |
BTW, this happened in Bangkok where I live. |
Could be some Transparent Proxy Server, or is this even happening when you use a VPN to another ISP abroad? |
Hooray!
I got a response from google today.
Hi Priyan,
The issue you're describing was reported by a small number of users visiting a Google Help Center page from your ISP. As you described, those users could become partially logged into the account of a recent viewer of the same page from the same ISP. We have fixed the issue completely, and we apologize for any inconvenience.
Thanks very much for reporting it to us.
Regards, Manuel for The Google Security Team
http://priyadarsan.blogspot.com/2009/05/google-providing-access-to-other-user.html
|
Perhaps not fixed enough... i received email notification today that someone had just answered two questions that were placed in Google Help under my account name. Needless to say, it wasn't me. |
Jason, It might be because, that "someone" might have checked the option to receive alerts, when he was logged in using your account (mistakenly, ofcourse). You can now go to the form threads, to uncheck that option and live peacefully :) |