
Gmail Glitch Is Causing 1000s Of Emails To Be Sent To One Man’s Hotmail Account - coloneltcb
http://techcrunch.com/2014/01/24/gmail-glitch-is-causing-thousands-of-emails-to-be-sent-to-one-mans-hotmail-account/
======
blauwbilgorgel
I filed a bug report about this 3 months ago. I did completely agree this is
not likely to be a serious security issue (only a few indexed emails will
contain phonenumbers or private information, even less likely private as
Googlebot must have publicly found these links online, though some message
bodies did hint at stuff like password resets).

It is worth looking into from an SEO perspective, site (index) health
perspective and to ultimately prevent/minimize problems like these.

In my opinion these links do not belong in the index.
[https://mail.google.com/mail/](https://mail.google.com/mail/) should have
been the Canonical. Big companies expose the contents of SMS messages, who
contacts who, and sometimes even what their users search for.

Now these pre-filled "to"-field links were picked up by accident with the
automated sitelinks algorithm. It could have contained a pre-filled "body"
too, maybe some spam or maybe a crude online link to make an appointment and
have certain fields filled in.

Webmasters can prevent this by specifying Canonical and cultivating the search
index quality by only letting bots index unique quality pages, not for example
have pages and pages of user-generated search results (Consider noindexing
/search/results/), open redirect link(spam), or indexing every possible way a
user may change your URL parameters and posting a link of that somewhere to be
picked up by the search bots.

------
jsmthrowaway
I have so many questions after finishing that article, but first to come to
mind is: who puts a HTML FAQ in their e-mail signature? Seriously, who does
that?

~~~
clarkm
I was going to ask the same about googling "gmail", clicking the second link,
and _actually sending_ a blank email. But apparently the answer is "thousands
of people" a day.

I learn something new about users every day.

~~~
edavis
It's probably healthy for us "web people" to get a reminder every so often
that vast swaths of humanity use computers in ways that are nearly
incomprehensible to us.

~~~
vinhboy
YUP. IF YOU EVER WORK IN WEB SUPPORT. YOU WILL SOON REALIZE HALF OF THE PEOPLE
ON THE INTERNET HAVE BROKEN CAPLOCK BUTTONS.

~~~
Aldo_MX
The Mac Keyboard has a broken Caps Lock button "by design"; you can't press it
too fast.

[http://support.apple.com/kb/ht1192](http://support.apple.com/kb/ht1192)

~~~
userbinator
The world's fastest typist, Sean Wrona, would abhor that - he uses capslock
instead of shift(!) He can go 200WPM+ so, clearly he's doing something
right...

~~~
stormbrew
I assume there's a point in overall speed where the slowdown from caps-up/down
-> letter-up/down -> caps-up/down is worth the reliability drop from
coordinating shift-down -> letter-up/down -> shift-up. I think I hit that
point sometimes entering passwords and other frequently entered info, but the
reality is for most typing none of us get there.

------
stackcollision
This is quite possibly the most hilarious bug I've ever seen.

What I really want to know is who the hell actually googles "gmail"? There's a
link at the top of the homepage!

~~~
dagw
In Chrome and Firefox, if you lazily type "gmail" into the address bar rather
than "gmail.com" then it will google it for you. I suspect it's rather common,
I know I've done it a few times by accident.

~~~
jaredmcateer
By default typing "gmail" in Chrome's omnibar it will autocomplete to
"gmail.com" If you've ever typed it out before.

~~~
marquis
I have watched people google 'gmail' and ignoring the autocomplete, but
clicking on the link that comes up in the search. At some point people were
told "do it this way" and to change that would require a 30-minute handholding
and de-education session.

~~~
Raphmedia
I consider myself as an experienced internet and computer user, but sometime I
simply write "gmail" and then click on the first link instead of writing the
".com". Go figure.

~~~
saraid216
There really isn't a one-to-one mapping between quantity of experience and
behavior exhibited.

------
VMG
This is ridiculous... the search result really links to

    
    
        https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=dsp559@hotmail.com

~~~
new_test
Someone's getting fired tonight.

~~~
deletes
Does google fire over single( assuming ) mistakes. I didn't think they were
that kind of company. Isn't there a voting to determine that?

~~~
birken
There is no way Google (or I assume any good employer) would fire an employee
would for such a mistake. Mistakes happen, they are a part of life in the
technical world. You work really hard to make sure the mistakes are minor
(which this one is) and fixable, but they are going to happen.

Losing data is really really bad, and if it happens it better be minor and
there better be extreme circumstances. If a service goes down, that is bad but
shit happens sometimes. Something minor like this is going to make for an
entertaining post-mortem, but nothing more. I'm sure Google will do something
nice for the person who was affected by it.

Easy rule of thumb for operations: Never make the same mistake twice. You
learn from every mistake, but new and amazing ways for things to break are
always going to happen.

Source: I worked at Google in operations and made mistakes that were far worse
than this

~~~
zeidrich
Firing people for making mistakes is a surefire way to ensure that when
someone makes a mistake they will do everything they can to cover it up rather
than take appropriate action to correct it.

~~~
corin_
There's also an argument that it makes sure other people will be more careful
with their work to try to avoid mistakes. I don't think it's the way to go,
but there certainly are managers in the world who do. (Hopefully a vast
minority.)

------
trevin
It's not limited to a small number of Gmail accounts. If you use some
additional search parameters you'll see a ton of compose URLs showing up in
the SERPs

Searching:

site:mail.google.com gmail inurl:?to=

gave me nearly 25,000 results. Some have subject lines too.

EDIT: Here are the first 100 URLs for the search above:
[http://pastebin.com/X1yTW7Pr](http://pastebin.com/X1yTW7Pr)

~~~
marquis
I am seeing some private emails with subjects AND body, apparently spam but
sometimes half-written content like "Dear John,". Someone build a spam bot and
left the links out for indexing?

~~~
vanmount
A few of those could be Drafts... So maybe Google indexed the drafts of its
users?

~~~
bnr
No, those links have the subject and body set in the url.

------
thrownaway2424
Hopefully Google will send this innocent bystander a valuable collectible
Scroogled mug.

------
TrainedMonkey
This is craziest thing I saw this year. And I've been watching The Daily Show,
so there are no shortage of crazy things.

In any case, I really look forward to explanation how the hell something like
this could ever happen.

~~~
claudius
But, to be fair, it is only the 24th of January, so there might well be many
more crazy things for us in stock. Though Google linking directly to mail some
poor Hotmail account will be hard to top, yes.

------
mattparcher
This made me laugh:

 _...he contacted Hotmail support this morning to try to get help. Ironically,
he asked them to contact him at his alternate email address, which is Gmail._

~~~
yeukhon
But then this is surprisingly quick. A few years back support email could take
a month... that was my experience.

~~~
atmosx
+100 because we're talking about hotmail (microsoft) here.

~~~
yeukhon
+200 for additional bounty to have Gmail do customer support quickly too. (Oh
remember the time when everyone had an adsense account? Boy that could take up
to two months to get an initial reply.)

------
krapp
Not to worry though. By the time Google's driving our cars for us, glitches
like this will have been sorted out.

~~~
erichurkman
Repeat this bug for the self-driving cars and you'd end up with thousands of
cars driving to some random guy's house.

That'd certainly be an interesting news story.

------
yeukhon
[https://www.google.com/#q=site:mail.google.com+gmail+inurl:%...](https://www.google.com/#q=site:mail.google.com+gmail+inurl:%3Fto%3D+google)
[https://www.google.com/#q=site:mail.google.com+gmail+inurl:%...](https://www.google.com/#q=site:mail.google.com+gmail+inurl:%3Fto%3D+yeukhon)
this one has a template

------
nashashmi
off topic, but the one thing that I hate about google search results is that
they are all linked to google.com/url? __ __*. Sometimes my internet will crap
out just because of this. Because google 's server is too slow to redirect.

~~~
dclara
I guess this is for CPC. But it should not be applied on the organic results.

It's unbelievable that Google can redirect so many hits at the same time even
only on one local server cluster.

I've a review collecting the reports about how many Google servers here:
[http://bit.ly/1fcluBA](http://bit.ly/1fcluBA): 900,000 (2010)

~~~
dangrossman
> I guess this is for CPC. But it should not be applied on the organic
> results.

It's been used on all SERPs for months now, ever since Google became extra
privacy conscious. It prevents search queries from leaking to site owners via
the referrer HTTP header.

~~~
userbinator
I don't agree that Google should be the one doing this, most browsers have a
setting for referer like off/on/same-domain-only and if someone wants privacy
they can set it the way they like.

It's also extremely irritating if you're copying a link to the site from
Google.

~~~
dinkumthinkum
How many users even realize that is a thing?

------
vezzy-fnord
This reminds me of a story on an Australian comedy show where the host gave
out an unusual telephone number, calling it "Satan's phone number". Turns out
it was a valid number that belonged to some poor sap who got inundated with
phone calls. Unfortunately, I can't seem to find a source after reading this
years ago, so if anyone can confirm this as real or a hoax, step up.

But this really makes me wonder what kind of architectural mishap has had to
occur for this to happen? Either way, the poor guy just became a celebrity.
Hope he gets some benefit out of it.

~~~
dictum
[https://en.wikipedia.org/wiki/867-5309/Jenny#Popularity_and_...](https://en.wikipedia.org/wiki/867-5309/Jenny#Popularity_and_litigation)

------
Kluny
They're trying to reach Gmail for a comment, but they can't, cause Gmail is
down. It's funny. It's also made me realize that I should switch to email
provider that I have more control over.

------
gfodor
if this happened to me i would probably ask myself if i am living in a
simulation or something.

~~~
joaorj
how could this be a sign that you are living in a simulation?

~~~
gfodor
if one googless "gmail" and sees the top link opening a compose e-mail to your
e-mail address, one probably starts to question reality or if they are in a
dream, because it's so insane. its not like winning the lottery or getting hit
by lightning, it seems more rare than that because it's an unexpected event
that is tied to you. basically the emotional equivalent of going to times
square and seeing your picture on one of the big screens with no explanation.
fucking crazy.

------
izzydata
I sent him an email. I'm pretty sure that's what this article was wanting me
to do.

------
daviddoran
The actual behaviour (the link with a random email address) is so far from the
expected behaviour I'm finding it hard to believe how it happened. Probably
search indexing/ranking error as others have speculated.

------
btown
I wonder if someone messed up the robots.txt on Gmail - and then their crawler
started indexing individuals' Gmail accounts?

~~~
maxerickson
The crawler hopefully wouldn't be logged in as everyone.

I guess the links are just posted to pages by accident.

------
yaw
Yesterday the GMail App for iOS glitched on me as well. At one point the
number of unread emails went to over 2k (in reality about 200), and then
notifications for the app got enabled (usually disabled). Nothing major, just
minor annoyances.

I didn't think much about it until today's events. Coincidence?

------
hcarvalhoalves
That's priceless. I would sell all inbound addresses on the spam market as
high-quality leads. >:)

~~~
eli
Those are just valid email addresses (and names, I guess). High-quality leads
would be a list of people who are already especially qualified or interested
in whatever you're pitching.

~~~
0x0
If they are actually composing and sending an email without checking what's
going on, I guess that says something about those users' personalities... :)

~~~
hcarvalhoalves
You got it. _evil laugh_

------
rubycowgames
Bad sitelink
([https://support.google.com/webmasters/answer/47334?hl=en](https://support.google.com/webmasters/answer/47334?hl=en))
selection there.

------
nollidge
I don't get how this is happening. Why are those links even in the search
results?

Also it's not showing either of those sub-items for me when I google "gmail",
so I wonder if it's fixed now.

------
jfb
The one guy on the Internet who is happy that Google fell over today?

------
bhartzer
I am not sure it's a glitch. It could be someone link bombed it.

------
mariuolo
The recipient should put those emails on a website for everyone to see, along
with a description of the issue.

Sometimes public shaming is the only way to push big firms into action.

------
Pxtl
Seems fixed, I google gmail and I don't see the link.

------
Aoyagi
The poor "upgrade" script, which was the reason for the outage, confused that
guy's address with NSA's. Tragic story.

------
coreymgilmore
I must say, all the news about this outage is crazy. Emailing random people,
strange search indexing, gmail down for 1+ hour! Nutty

------
rajbala
That guy should buy a lottery ticket posthaste.

------
bitstorm999
And the other link on the search results page [Gmail - Google] points to
material@asvd.sasf.ch

------
presspot
This is what stands for news at Techcrunch?

------
knassy
And he lives in Wyoming right?

------
ashishb4u
I see jeff.morse@d214.org

------
bhhaskin
That is great! Poor guy.

------
systems
emails can sometime include passwords or pass reset link

this is extrememly dangerous

how can we find out if we were affected

~~~
sejje
He's not getting emails addressed to you, relax and read about the actual bug.

------
baconner
Let me guess nsa@hotmail.com?

------
danrockwelljr
It's not a "Gmail Glitch", seems like an index error by Google search, his
email was indexed in the site links for "Gmail". I assume that due to the
outage searches for "Gmail" spiked, so has his inbox was ddos'd.

~~~
dudus
I agree it seems more like a Google Search glitch. The title should be
updated.

