Recent reports highlight that a vulnerability was discovered and promptly addressed within Google’s account recovery system. This specific issue had the potential to expose users’ phone numbers under certain, limited conditions.
The bug resided in a particular flow related to regaining access to an account. While not a widespread data breach affecting all users, it meant that in specific scenarios, the phone number associated with an account could potentially be revealed.
Fortunately, the company quickly identified the problem. Upon discovery, engineers worked swiftly to patch the vulnerability and deploy the necessary fixes. This action ensures that the potential leak point has been closed, restoring the intended privacy for users’ contact information during the account recovery process.
This swift response underscores the importance of continuous monitoring and rapid action to maintain user security and protect sensitive personal data like phone numbers. Users can be assured that the identified issue has been fully resolved.
Source: https://www.bleepingcomputer.com/news/security/google-patched-bug-leaking-phone-numbers-tied-to-accounts/
