Security experts from CloudSEK have uncovered a novel security loophole. It enables hackers to gain unauthorized access to users’ Google accounts without the need to crack their passwords.
The vulnerability was first disclosed on a Telegram channel on October 20, 2023. Cybersecurity professionals later incorporated it into a hacking tool called Lumma Infostealer.
Exploiting Third-Party Cookies for Unauthorized Access
The malware leverages third-party cookies to achieve unauthorized access to user data. Hackers can maintain continuous access to the user’s Google account even if the user changes the password.
The issue lies in Google’s authentication cookies, which facilitate convenient login across various platforms without the need to repeatedly enter credentials. Unfortunately, cybercriminals can collect these cookies with the malware, bypassing Two-Factor Authentication (2FA) protection.
Google’s Response and Chrome Developers’ Statement
Google is actively addressing the problem. The developers of Chrome, the most widely used browser, stated in a release that “Google has taken measures to secure any compromised accounts that are detected.”
Recommended Action to Protect Google Accounts
Both Google and CloudSEK recommend a crucial step to mitigate potential issues: “resetting” these credentials. “If you suspect your account may be compromised, or as a general precaution, log out of all profiles in the browser to invalidate current session tokens.”
They further advise, “Next, change your password and log back in to generate new tokens. Changing the password locks out unauthorized access by invalidating the old tokens upon which data thieves depend, providing a crucial barrier to the continued functionality of the exploit.”