Livemint reports:
Cybercriminals have found a way to gain access to people’s Google accounts without needing their password, and the new exploit gives hackers continued access to Google services even after a user’s password has been reset.
The new vulnerability was analysed by security firm CloudSEK and reported by The Independent. Furthermore, the issue first came to the fore when a hacker posted about it on a Telegram channel in October 2023.
The Independent report noted how Google accounts could be compromised due to a vulnerability in third-party cookies, which are used by websites and browsers to track users and increase their efficiency.
[…]
The blogpost by CloudSEK noted, “This exploit enables continuous access to Google services, even after a user’s password is reset…It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.”
Read more at Livemint.