A bug in Gmail could have left every user’s email address on the service exposed to collection by outside parties for close to four years. A security researcher from Tel Aviv discovered the bug, which allowed him to collect 37,000 email addresses in as little as two hours with a brute force attack. The bug could allow someone to change a token in a URL, gained from a declining access notification in Gmail’s delegation feature, using a script to gather addresses….
