[ALERT] Your Google account can be hacked without passwords: Report

Hackers Exploit Undocumented OAuth2, Gaining Unauthorized Access to Google Accounts Without Passwords

The alarming emergence of a new cyber threat has revealed that hackers can now gain unauthorized access to Google accounts without needing passwords. This dangerous form of malware, first disclosed by a hacker on Telegram, exploits undocumented OAuth2 functionality, enabling access to individuals’ private data even after implementing Google’s two-factor authentication. CloudSEK, a cybersecurity firm, detailed the threat in a report titled ‘Compromising Google Accounts: Malware Exploiting Undocumented OAuth2 Functionality for session hijacking.’ The exploit allows continuous access to Google services post-password reset, emphasizing the need for vigilant monitoring to combat evolving cyber threats.

According to the CloudSEK report, cybercriminals leverage third-party cookies for unauthorized entry, a tactic that exposes the complexity and stealth of modern cyber-attacks. Pavan Karthick M, a threat intelligence researcher at CloudSEK, emphasized the importance of continuously monitoring technical vulnerabilities and human intelligence sources to stay ahead of emerging threats.

The hacker’s revelation on Telegram sparked concerns about data access through website cookies. This threat poses a significant challenge, as it allows continuous access to Google services even after users reset their passwords. CloudSEK underscored the necessity of ongoing vigilance and proactive measures to counteract such cyber threats.

In response to the threat, Google assured users that it routinely enhances its defences against such techniques and takes action to secure compromised accounts. The company recommended users remove any malware from their computers and enable Enhanced Safe Browsing in Chrome for protection against phishing and malware downloads.


This website uses cookies. By continuing to use this site, you accept our use of cookies.