Nigeria, June 9 -- Google has fixed a bug that could have allowed attackers to find the recovery phone number linked to nearly any Google account without the owner knowing.

The flaw, discovered by an independent researcher known as brutecat, affected the account recovery feature and was reported to the company in April.

The issue involved a chain of actions that worked together to beat Google's security checks.

The researcher found out the display name of a target account and then bypassed the system that blocks too many password reset requests.

This opened the door for a script to test different phone number combinations until the correct one was found.

According to the researcher, the process could take less than 20 minutes dependi...