Less of a security issue than it is a social awkward one, but a new bug discovered in Google’s Calendar service is making headlines this afternoon. Here’s what has everyone up in arms. As discovered by developer Terence Eden, when creating a new Calendar event, it’s possible to enter someone’s email address into the title, at which point they will receive an invite to join that event — regardless if the event is marked private.
While the odds of something like this happening in the real-world aren’t very likely, one scenario has a woman reminding herself to email her boss email@example.com about a raise increase. You can only imagine the unconformable situation that could arise after her boss accepts (or rather, declines) the event. Less savory individuals would also be able to spam someone else’s calendar by taking advantage of this loophole.
According to The Verge, Google is already working on a fix so don’t go losing any sleep over it.