
Gmail Incoming Email DDoS Vulnerability - deckar01
https://twitter.com/deckar01/status/914862487341854720
======
deckar01
Apparently it is fairly trivial to DDoS a Gmail account's inbox. An attacker
completely shut off my (and several other developers') incoming email for 3
days and counting. The attack is apparently using a script to register me to
tons of WordPress sites. The deluge of spam is tripping Gmail's daily incoming
email limit, which causes incoming emails to bounce.

This attacker is targeting contributors to an open source software project
(CTFd [0]) that is focused on promoting computer security.

Other gmail forum posts indicate that the same attack has been used in the
past to silence suspicious activity notifications while attacking a secondary
account.

[0]: [https://github.com/CTFd/CTFd](https://github.com/CTFd/CTFd)

