Google just fixed a flaw that let attackers brute-force recovery phone numbers in seconds - putting millions at risk of SIM swaps and account takeovers.
The catch? It abused an old, disabled-JS recovery form and cleverly leaked user names via Looker Studio.
CheckDot ( CDT ) is SAFU