An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to gostips@gmail.com.

July 20, 2007

Users Report Gaining Access to Random Google Accounts

There are many problems with Google's services lately. After Google Groups had some temporary glitches, some people report that Google switches them to random accounts.

Jvy Loh writes on his blog about the incidents:

"It started off when I was using gg docs and after closing 1 of my docs, I was returned to my 'doc home', however, someone else's email was reflected at the top instead of mine. It disappeared soon after before I could catch what was going on. (...) Lately, the google problem came up again. Nearly everytime I boot up my computer, and login to google toolbar or gmail, I began to notice that when I went further to click on other google services, e.g. gg reader, very often I went into someone else's reader. Not just their email id replacing mine at the top, it was literally someone's reader. I could read their feeds and so on. (...) The MOST SERIOUS thing so far is that you can accidentally made changes to other user's account while you think you are modifying your own. I realized that when I was making changes/adding items, like adding a bookmark, adding a feed into my reader, and adding notes to my notebook, adding gg gadgets to my igoogle, rearranging my igoogle layout, the changes all went to the other party, not mine, and hey this is scary!"

He also mentions that the users seem "to be originating from the same city, which is Singapore, and I suspect some of them are students, by browsing through the gg reader feeds presented to me, and supposingly 'my bookmarks'. (...) Not only did it appear in Singapore, those users seem to be from the same organization, which are local universities, 1 from NTU, and some may be from NUS, and fyi the 2 top universities in Singapore are located in the west of Singapore, and I am in the north-west, which is pretty near to each other."

Other Google user complains over at Google Groups: "Whenever I use Google Reader, I would 'cross-over' to another user's account."

And another one: "I've been login to other users today, seeing their feeds instead of mine. I login to gmail and google reader. While reading the feeds halfway I would see my feeds change into other user's [feeds], my account will also change to other google user account."

Other report from a regular reader of this blog: "While I was reading posts in Google Reader today, my account was switched to someone else's account. The account name on the upper right corner changed and I could see all his or her subscriptions in my Google Reader. I closed the Reader and open it again. Nice! I could read another person's subscriptions. I tried iGoogle and it was also changed."

It seems that this isn't an isolated incident and it may have something to do with Google cookies and Google Reader, but it's not very clear. If you had similar problems or you know what causes them, please let us know.

Update. Matt Cutts, from Google, posted this: "Given that most of these reports are coming from a single area (Singapore), it sounds like an ISP isn't handling their connections correctly. We've certainly seen ISPs mess up their proxies before. I'll still ask about this though."

Update 2. Jvy Loh writes: "Since last Saturday [July 22] after Google Reader was patched (need confirmation from Google whether the Google Reader or local ISP proxy/cache played a bigger part in this security problem), I have not noticed any more security glitches. Two other Singapore users who contacted me also reported no more security issues since then. So, we have enough reasons to think that the security issues related to what I have reported have been eliminated."

28 comments:

  1. That sounds really dodgy, I sure hope it doesn't happen to me.

    ReplyDelete
  2. I had the same problem once in Google reader. I hit refresh, and it showed some different feeds. I refreshed the whole page, and it was someone else's account. After restarting Firefox, everything was back to normal. It was very odd.

    ReplyDelete
  3. If I were you, I would definitely have a look at whether the university has some badly set-up proxy...

    ReplyDelete
  4. I hope everyone is civilized about it if this is a widespread problem. I wish my account to be treated with the same amount of respect with which I would treat the accounts of others.

    ReplyDelete
  5. My google docs don't work right and my google notebook didn't work anymore im 4 days today =/

    ReplyDelete
  6. i had the same problem at google groups at 29/06/2007
    it havens when i was managing the users of my group

    ReplyDelete
  7. I'm one of those being affected by this problem. I think it might be my ISP, because once I reached work, I have none of those problems, but I continue to have the problem at home.

    While I am from one of the named Singapore universities, I was not using the varsity connection, so I wouldn't know if it was in fact, isolated there.

    ReplyDelete
  8. I am this problem a couple of times already today on the reader. And yes, I am from Singapore.

    Can this problem be from the ISP?

    ReplyDelete
  9. I have had this problem happen starting yesterday at a client site. If it's not on Google's server side (e.g. giving out redundant cookie session ids).

    I'd highly suspect that it is proxy server related. Either Google changed some of their cache directives, or some proxy servers have changed their behavior for some reason.

    In this case, the proxy server is Novell Border Manager, if that helps.

    It's also worth noting that it happened twice, and both times I ended up looking at the wrong Google Reader feeds but for the same user.

    ReplyDelete
  10. this is really bizarre, my friend ended up in my account!!
    luckily, he did not modify my feeds, though he did screw up some other guy's iGoogle... :(

    ReplyDelete
  11. I'm from Singapore too. I was using NUS network when I got the problem.

    But, on my IE, I have a different account other than the one that encountered the problem. When I used that account, there was no problem at all, even at the same time when I was having the same problem in the other account in Firefox! I logged off the problematic account in Firefox and logged in with the account from IE, there was no problem. I logged in again with that problematic account (also in Firefox) then the problem came back again!!!!

    I still don't know what had caused this problem. My testing with two accounts further confused the problem.

    ReplyDelete
  12. One thing I don't like about google account in general is that if you select "logout" from one computer.. it doesn't logout from every computer

    Or I'm wrong?

    ReplyDelete
  13. So that means the problem has mostly occurred in Singapore?

    ReplyDelete
  14. Given that most of these reports are coming from a single area (Singapore), it sounds like an ISP isn't handling their connections correctly. We've certainly seen ISPs mess up their proxies before. I'll still ask about this though.

    ReplyDelete
  15. Both the security team and the Google Reader team were already on it. Even though it's not on Google's side as near as we can tell, the Reader team are looking for a way to prevent faulty proxies/caching from affecting users.

    ReplyDelete
  16. Does this extend to Gmail too?

    ReplyDelete
  17. It's totally a proxy problem...this used to happen when I was at a university and I would login to Yahoo! only to get someone else's Yahoo! account.

    ReplyDelete
  18. This used to happen on my computer. I would log in to my "igoogle" back wen it was called Google Home Page and I would get my igoogle but with my girlfriends mail. She had the same problem. I wrote google but they didn't help except told to be sure we logged out

    ReplyDelete
  19. @Anonymous: Look at the post above you... ;)

    ReplyDelete
  20. I am from Turkey. I had this problem with IGoogle. Someone else's homepage is presented instead of mine.

    ReplyDelete
  21. A nice copycat here.

    Don't know how many more are out there.

    ReplyDelete
  22. I've experienced this eiether serveral times.
    Location: Tehran, Iran. Shattel Broadband ISP (85.15.x.x)

    ReplyDelete
  23. i don't use google's service as much. But i notice that google updated their toolbar. If those ppl who's been having problem also have google toolbar install, it might have been it. Cause the new google toolbar can keep track of whether you're logged on or not. and also retrieve your unread mail and show on the toolbar. Seems to be a very likely chance.

    ReplyDelete
  24. I actually had a response from the relevant team from Google on July 20th; it's my fault for being so tardy on posting this. But here's what they had to say:

    "
    We had an isolated bug in our interaction with a proxy server in Singapore, and we've reached out to the local ISP to straighten this out. The Google Reader team has already pushed a fix; we will take steps on our side to prevent this from happening again. If you see any more instances, please contact us here: http://www.google.com/support/accounts/bin/request.py?contact_type=general&ctx=reader
    "

    I believe that the Reader team took steps to prevent this from happening on the same day that the issue occurred. Sorry again for taking so long to post the official comment from Google.

    ReplyDelete
  25. I am still seeing this problem on a company LAN... thinking of emailing the people whose accounts I see to let them know. Has no one else experienced this recently?

    ReplyDelete
  26. The issue is still ON and we (The affected users) has come together in an email loop and included Philipp (Blogoscoped). Philipp has a post on the issue here: http://blogoscoped.com/archive/2009-05-19-n84.html

    ReplyDelete
  27. including a unibody aluminum shell, pill-shaped volume buttons, hotmail.com sign up email

    ReplyDelete

Note: Only a member of this blog may post a comment.