Google Accounts Compromised by Hackers Without the Need for Passwords
The development came soon after Google made the switch from passwords to passkeys.
- Security researchers have discovered a method of hacking that allows cybercriminals to access Google accounts without having login credentials.
- Google accounts are potentially vulnerable through authentication cookies, circumventing two-factor authentication.
Researchers from CloudSEK have discovered a new technique in which cybercriminals use a type of malware to access Google accounts without ever needing the account password. According to the research, the malware exploits third-party cookies to access private data from compromised accounts.
CloudSEK first detected the threat in October 2023 on a Telegram channel advertised by a threat actor called PRISMA. The problem is rooted in a major vulnerability arising from the cookie generation process. During an attack, hackers use session persistence techniques that keep their sessions valid even after the credentials are changed.
The researchers have stated that hackers can gain continuous access to Google accounts by generating persistent Google cookies. Accounts remain compromised even if the passwords are changed later on.
As of now, Google has yet to come up with a complete solution to the vulnerability. Security researchers recommend that users who suspect their accounts have been hacked log out of all devices and browsers completely for now.
The development is expected to highlight the growing global debate on the effectiveness of passwords and associated tools. Google itself has already started its shift from passwords to passkeys.