163 views 14 secs 0 comments

Hackers can now take control of your Google Account without needing a password. Here’s how it works

In Consumer Alerts, Vulnerabilities
January 07, 2024

Livemint reports:

Cybercriminals have found a way to gain access to people’s Google accounts without needing their password, and the new exploit gives hackers continued access to Google services even after a user’s password has been reset.

The new vulnerability was analysed by security firm CloudSEK and reported by The Independent. Furthermore, the issue first came to the fore when a hacker posted about it on a Telegram channel in October 2023.

The Independent report noted how Google accounts could be compromised due to a vulnerability in third-party cookies, which are used by websites and browsers to track users and increase their efficiency.

[…]

The blogpost by CloudSEK noted, “This exploit enables continuous access to Google services, even after a user’s password is reset…It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.”

Read more at Livemint.