Google has given explanation about the recently reported Gmail security vulnerability that caused some website owner to loose their domain names to third parties. According to Google that was not a security vulnerability in Gmail while its cause was a phishing scheme. Google also clearly said about the CSRF bug reported in September,2007 but Gmail team is able to fix that security bug within 24 hours. Google also said that neither this bug nor any other Gmail bug was involved in the December 2007 domain theft.
Its always better to use https://gmail.com while accessing the Gmail. Gmail users can easily enable this feature by simply going to settings and enabling always use “https”.
Source : Gmail security and recent phishing activity
