Google accounts can be accessed without passwords! Hackers can acquire control via cookies, know how
06.01.2024 - 18:47
/ tech.hindustantimes.com
Google accounts are considered safe if the password is strong enough. Well, that is old news, at least that is what this new report is saying. According to CloudSek, hackers have found a way to access Google accounts without passwords! So, is your Google account safe from hackers? The report says that hackers have used a form of malware that utilises third-party cookies to illegally enter users' Google accounts and they have free run on whatever data that it has. In effect, the potential to compromise private and professional lives of millions of users is very much there.
What is even more surprising is the fact that it was not revealed by any security agency or corporation, rather, it was outed by a hacker when he posted about it on a Telegram channel boasting about the exploit in October 2023. The Telegram post even indicated the method used - cookies.
According to Google, these are small pieces of text sent to users' web browser by any website they visit. Cookies help that website remember information about their visit, which can both make it easier to visit the site again and make the site more useful to the users.
We are now on WhatsApp. Click to join.
The job of cookies is to make users' life easier, as explained above, but in this instance, they were used for hacking purposes. In fact, hackers devised a method to hijack these cookies and circumvent the security features present, including 2-factor authentication.
The Tech giant is reportedly working on a solution to ensure that the breach is sealed permanently and the Google Chrome browser security is up and running.
“We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected,” a report by the Independent quoted Google as saying.
"In this instance, Google has taken action to secure any compromised accounts detected,” Google added.
While for Google, keeping hackers at bay is a daily exercise, users can do something about it too to ensure they stop cybercriminals from accessing their private data.
The most important thing for users to do is ensure there is an effective anti-virus software on their device and to daily check if malware has infiltrated it and if found, to remove it. Google recommends turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.
In its report, CloudSek says, “While we await a comprehensive solution from Google, users can take immediate action to safeguard against this exploit. If you suspect your account may have been compromised, or as a general precaution, sign out of all browser profiles to invalidate the current session tokens. Following this, reset your