Latest Posts

New Security Vulnerability Allows Hackers to Access Google Accounts Without Passwords

- Advertisement -

Security experts from CloudSEK have uncovered a novel security loophole. It enables hackers to gain unauthorized access to users’ Google accounts without the need to crack their passwords.

Please follow us on Twitter and Facebook

The vulnerability was first disclosed on a Telegram channel on October 20, 2023. Cybersecurity professionals later incorporated it into a hacking tool called Lumma Infostealer.

Exploiting Third-Party Cookies for Unauthorized Access

The malware leverages third-party cookies to achieve unauthorized access to user data. Hackers can maintain continuous access to the user’s Google account even if the user changes the password.

- Advertisement -

The issue lies in Google’s authentication cookies, which facilitate convenient login across various platforms without the need to repeatedly enter credentials. Unfortunately, cybercriminals can collect these cookies through this method, bypassing Two-Factor Authentication (2FA) protection.

Hackers Breach Google Accounts Security, Bypassing passwords (1)

Google’s Response and Chrome Developers’ Statement

Google is actively addressing the problem, with Chrome developers, the most widely used browser, stating in a release that “Google has taken measures to secure any compromised accounts that are detected.”

- Advertisement -

Read Also: Bluetooth’s Security Risk: Remote Control Vulnerability Leaves Android, iOS, And More Devices Exposed

Recommended Action to Prevent Google Accounts

Both Google and CloudSEK recommend a crucial step to mitigate potential issues: “resetting” these credentials. “If you suspect your account may be compromised, or as a general precaution, log out of all profiles in the browser to invalidate current session tokens.”

They further advise, “Next, change your password and log back in to generate new tokens. Changing the password locks out unauthorized access by invalidating the old tokens upon which data thieves depend, providing a crucial barrier to the continued functionality of the exploit”.

Read Also:

Understanding WhatsApp’s Secret Code: New Security Feature Protecting And Hiding Your Most Private Chats

Latest Posts

Don't Miss