{"id":613,"date":"2012-12-24T08:15:50","date_gmt":"2012-12-24T15:15:50","guid":{"rendered":"https:\/\/www.joshualyman.com\/?p=613"},"modified":"2013-12-11T16:14:30","modified_gmt":"2013-12-11T23:14:30","slug":"gmail-just-logged-me-in-as-someone-else","status":"publish","type":"post","link":"https:\/\/www.joshualyman.com\/2012\/12\/gmail-just-logged-me-in-as-someone-else\/","title":{"rendered":"Gmail just logged me in as someone else"},"content":{"rendered":"

UPDATE: After doing extensive checking with extended family, this has proven to be legitimate (though very unexpected). Please ignore the post and move along, Gmail is still secure for now! My sincere apologies for raising an alarm.<\/strong><\/p>\n

This morning I opened my laptop and went to gmail.com to check my email, but was a little confused at first. The first email was from Amazon Local Deals, which I was pretty sure I had unsubscribed from a while ago, and furthermore it was from an area I used to live in, but have since moved from. Then I saw that two people that I did not know had circled me on Google+, not completely unusual but still unexpected. Then the kicker… my name was gone from the top right, and instead I was inside of Sarah Jenkins’ account<\/strong> (name changed).<\/del><\/p>\n

At that point I shot back to the inbox, and sure enough, I was in a completely different person’s account. All the emails were completely foreign, the chat list was full of people I did not know, and the +You name in the top right was definitely +Sarah, not +Joshua. I quickly checked Chrome’s Web Inspector and looked at the cookies. Indeed, everything appeared as if I were her, almost as if it was a Firesheep session, but it most certainly was not.<\/del><\/p>\n

I certainly got out of her account as quickly as I could, but did take a quick screenshot and saved the network data (and corresponding cookie information) strictly for evidence in hopefully helping the Gmail team should they need debugging evidence. I would never want to violate this other person’s privacy, just as I would not want mine violated.<\/del><\/p>\n

And that is what scared me: this happened to me, being in someone else’s account. But what if a different person in the meantime has been in mine? Email is the gateway to\u00a0everything<\/strong> online, and I would never want anyone in my account that shouldn’t be there. An incredibly bizarre and potentially\u00a0dangerous\u00a0<\/strong>situation.<\/del><\/p>\n

Facts:<\/h3>\n

 <\/p>\n