ONE billion people have been exposed to hackers by a major flaw in a popular Google app.
The loophole allows cyber crooks to flood your Google Calendar with phoney invites in an attempt to steal your bank details.
It takes advantage of the fact that Google Calendar allows invitations and events to be automatically added to someone's Calendar when sent by email, even if they're from a stranger.
Unwanted events then appear as a notification in the Google Calendar app.
If clicked on, they lead you to a hoax website that asks you to plug in your personal and financial details.
Google says it is “working diligently” to fix the flaw, which has plagued Calendar users for years.
"We’re aware of the spam occurring in Calendar and are working diligently to resolve this issue," Google wrote in an update to its Calendar Help page.
"We’ll post updates to this thread as they become available... Thank you for your patience."
As many as 1.5billion people across the globe use Gmail's Calendar and Gmail apps, which you are automatically signed up for whenever you open a Google account.
Scammers first began using the hoax in 2017, but the search giant is only just addressing it.
How to turn off automatic invites on Google Calendar
These are the steps you should take to protect yourself from the scam...
- Open your Google Calendar and click on "Settings"
- Then scroll down the menu and click on "Event settings"
- Under the section which reads "Automatically add invitations" you need to click on the dropdown menu and select "No, only display invitations to which I have replied"
- Then scroll slightly below to the "View options" section and make sure "Show declined events" is not selected
- After this you should be protected
You can stop fake invites coming through by heading to your Google Calendar settings.
Hit "Event Settings", and under the section "Automatically add invitations", select "No".
Google says your should report any suspicious events as spam. This will remove all invitations from that organiser from your calendar.
"Spam calendar invitations can include both unwanted and malicious content that deceive users, similar to spam email," a Google spokesperson told The Sun.
"Google is constantly improving our ability to keep unwanted and malicious content from our users."
A Google Cloud spokesperson added: "Google is not aware of any security bugs due to the software itself."
And, Google's Gmail recently caused mass panic with an accidental ‘hack warning’ message urging users to change their passwords.
Have you noticed any Google Calendar issues? Let us know in the comments...
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at firstname.lastname@example.org