The worm also sent itself out to all of the affected users’ contacts reproducing itself hundreds of times any time a single user fell for it.The email that delivered it also appeared to come from someone users already know. Its goal was to manage users’ email account. With control of Gmail account, scammers can harvest any personal data its user ever sent or received in an email. The vulnerability was exposed for only about one hour, and a spokesperson told the media that it affected “fewer than 0.1 percent of Gmail users”, which would still be about 1 million. Google said it had “disabled” the malicious accounts and pushed updates to all users. Users must delete the phishing email, if received. If they were really affected, they must revoke access to “Google Docs” and, of course, change the Google account password.