Blog

I recently had some problems with the Google Calendar - and wanted users to be aware. This is what I sent to google to warn them of the security issue:

“I have been using google calendar with the login “myeemail@email.com” and my password.

I recently had a need to create a gmail account because my personal email was not functioning.

I created the gmail account with the username “newusername”.

It asked me to associate a personal email and so I entered “myeemail@email.com”

Shortly thereafter I realized I couldn’t get into my google calendar.

I repeatedly tried to login when I realized that by creating a gmail account and associating that email - it changed my google calendar username and gave my gmail account access to the calendar.

I consider this a security flaw, as anyone could have created a new gmail account, associated it with my email, and would have instantly had access to my google calendar.
Luckily - the individual creating the gmail account was me - so I figured out what happened. In addition, had it not been me, I would still be wondering why I couldn’t access my calendar.

I hope this is valuable as other’s may not be so lucky. For example, I could great new gmail accounts and guess emails to associate them with and get into other peoples google calendars, while at the same time changing their username.