
Issue 620357


Issue metadata

Status: Duplicate
Merged: issue 620276
Owner: ----
Closed: Jun 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: Gmail login without security

Reported by naveengo...@gmail.com, Jun 15 2016

Issue description

Report: Logging into anyone's Gmail ID is possible within no time just by knowing a few basic pieces of information about the person.

Dear Sir/Madam

Please find attached snapshots which clearly show how one's ID can be hacked, illustrated with my own ID.

1. Type an email ID that one wants to hack.
2. Click on "Forgot Password".
3. Click on "I don't know" when asked for the last password you remember.
4. Click on "I can't access my phone".
5. The link that has to be followed when asked to confirm access to my recovery email is "Verify your identity", which is below the Continue button (do not click on the Continue option).
6. a. The last time you were able to sign in.
      This option seems tricky, yet it is very easy to guess, and it even takes the nearest answer, as in the example I have given "10th June" where I have accessed the targeted account till date, i.e. on "15th June".
In reality, a regularly used ID can be hacked by giving some recent date value.

6. b. Creation of your account.
   I have mentioned "July 2011".
I have guessed this date since Gmail was introduced in the year 2004, hence the date can't go before it. And some wise guess can be made by knowing some information about the targeted ID/person, like the qualification of the person or when the particular organisation was started (if the ID is of some organisation), etc.

7. a. Email address of up to 5 frequently emailed contacts
      Well, this would be damn easy for any hacker if he is hacking the ID of his own colleague, counterpart, classmate, business partner or HR/manager, mainly those who send mails to many at once, etc.
And it would be even easier if that hacker is in some group or tagged in the "To" field with multiple senders' IDs including the target ID.

7. b. Name of up to four labels.
     Well, this can generally be guessed, knowing the interests of the person, or just ignored by leaving it empty.
     "Here I have tried with the empty option".

7. c. First recovery email address you remember
     Even here the hacker can either guess or leave this option empty.
     "Here I have tried by leaving even this option empty".

8. Click on reset password.

9. Enter new password
   -Enter any unused new password

10. Either click on "Review recovery info" or directly go to accessing mails by clicking on the options given at the top-right corner.

11. The hacker can delete the inbox mail which states that the password has been changed, can create any mess/unethical/crime/fraud issues with the hacked ID, and can even change the security options, and so on.

Once it is done, a message from Google comes to the original/targeted ID's registered number or to the recovery ID, stating that the password has been changed and giving the option to reset the password.

However, this can be of no use if the person has not seen the message, or the number is not accessible, or the mails from the recovery ID are ignored, or the security option for the targeted ID is strictly changed by the hacker, or if it's too late.

Since it is a public issue, please review it and solve it by reducing the options for the ID with forgot password.

Hoping for your reply. 

Thank you.

Regards 
Naveen G
(India)

VERSION
Chrome Version: [51.0.2704.84] + [stable]
Operating System: [Windows, 10, pro]

Attachment: Snapshots.rar (1.2 MB)

Comment 1 by est...@chromium.org, Jun 15 2016

Mergedinto: 620276
Status: Duplicate (was: Unconfirmed)
Hi, thanks for the report, but this tracker is for issues in the Chrome browser. Please see https://www.google.com/about/appsecurity/reward-program/ for information about reporting security vulnerabilities in Google products.

Comment 2 by wfh@chromium.org, Jun 15 2016

Labels: -Restrict-View-SecurityTeam
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 4 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
