Google is “working diligently” to eliminate a weakness that could allow perpetrators to steal the sensitive data of Google Calendar users, the company stated in an update to the Help page for the service.
“We’re aware of the spam occurring in Calendar and are working diligently to resolve this issue. We’ll post updates to this thread as they become available ... Thank you for your patience,” the company told its users.
A hacker could exploit a default setting that automatically adds events into a user’s calendar if he or she gets a corresponding invitation via email, even if it is spam. After one clicks an event in the Google app, he or she is re-directed to an official-looking page that asks the user to provide sensitive info, including financial details.
While the company is still trying to fix the mechanism, it urges clients to be on the lookout and report any unsolicited invites as spam, which would delete the connected event and all other events by its organiser from the client's calendar.
The Independent points out that although the simple scam was first discovered two years ago, the tech giant has been working to fix it only recently. In the meantime, the number of Gmail and Calendar apps users is about 1.5 billion people, as the services are available to anyone who has a Google account.