Plaxo online address book service warns of security breach

Online address book service Plaxo has confirmed that an unknown malicious third-party gained access to the company’s API connection to Google’s address book and calendar. As a result of the security breach, Google took precautionary measures and temporarily disabled the connection, and sent Google account holders a “Suspicious sign in prevented” email advising them that a hijacker was trying to access their account.

Read more on The H.

On its blog, Plaxo explained what happened:

Google and Plaxo detected a malicious party misusing Plaxo’s server connection to Google as a means to login to Google accounts using a set of credentials the malicious party obtained on their own. These credentials were not obtained from Plaxo. This party used a function we call the AB Widget which we had slated for retirement to access those accounts hiding behind Plaxo’s proxy.

About the author: Dissent

Comments are closed.