Critical Google Account Flaw Allowed Phone Number Extraction

2025-06-09

A security researcher discovered a critical vulnerability in Google accounts that allowed attackers to easily obtain users' phone numbers by brute force. The exploit leveraged the document ownership transfer feature in Google Looker Studio, which let attackers guess phone numbers without the victim's knowledge. Google has since patched the vulnerability and awarded the researcher $5,000. The flaw posed a significant risk to users because it is useful to SIM swappers, who can steal various accounts, including cryptocurrency and email accounts, through identity theft.
