Google accounts can be accessed without passwords! Hackers can acquire control via cookies; know how
Google accounts are considered safe if the password is strong enough. Well, that is old news, at least that is what this new report is saying. According to CloudSek, hackers have found a way to access Google accounts without passwords! So, is your Google account safe from hackers? The report says that hackers have used a form of malware that utilises third-party cookies to illegally enter users’ Google accounts and they have free run on whatever data that it has. In effect, the potential to compromise private and professional lives of millions of users is very much there.
Compromised by Cookies
What is even more surprising is the fact that it was not revealed by any security agency or corporation, rather, it was outed by a hacker when he posted about it on a Telegram channel boasting about the exploit in October 2023. The Telegram post even indicated the method used – cookies.
What are cookies?
According to Google, these are small pieces of text sent to users’ web browser by any website they visit. Cookies help that website remember information about their visit, which can both make it easier to visit the site again and make the site more useful to the users.
We are now on WhatsApp. Click to join.
How hackers did it
The job of cookies is to make users’ life easier, as explained above, but in this instance, they were used for hacking purposes. In fact, hackers devised a method to hijack these cookies and circumvent the security features present, including 2-factor authentication.
What Google is doing about it
The Tech giant is reportedly working on a solution to ensure that the breach is sealed permanently and the Google Chrome browser security is up and running.
“We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected,” a report by the Independent quoted Google as saying.
“In this instance, Google has taken action to secure any compromised accounts detected,” Google added.
What you can do about it
While for Google, keeping hackers at bay is a daily exercise, users can do something about it too to ensure they stop cybercriminals from accessing their private data.
The most important thing for users to do is ensure there is an effective anti-virus software on their device and to daily check if malware has infiltrated it and if found, to remove it. Google recommends turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.
What CloudSek recommends:
In its report, CloudSek says, “While we await a comprehensive solution from Google, users can take immediate action to safeguard against this exploit. If you suspect your account may have been compromised, or as a general precaution, sign out of all browser profiles to invalidate the current session tokens. Following this, reset your password and sign back in to generate new tokens.”
It added, “Resetting your password effectively disrupts unauthorized access by invalidating the old tokens which the infostealers rely on, thus providing a crucial barrier to the continuation of their exploit.”
What Google generally recommends: In case you want to secure a hacked or compromised Google Account, you can get back into your account, and make it more secure.
Step 1: Try to sign in to your Google Account. And if you cannot, go to the account recovery page, and answer the questions as best you can to try and recover control of your account.
I. When should you use the account recovery page if:
- Someone changed your account info, like your password or recovery phone number.
- Someone deleted your account.
- You can’t sign in for another reason.
II. What more can you do to find out if you have been hacked?
- Go to your Google Account.
- On the left navigation panel, select Security.
- On the “Recent security events” panel, select Review security events.
- Check for any suspicious activity: If someone other than you had accessed your Google account – “Select No, it wasn’t me.” Thereafter, follow the steps on the screen to help secure your account.
CloudSek provided the Timeline of events:
October 20, 2023: The exploit is first revealed on a Telegram channel. (Figure 1)
November 14, 2023: Lumma announces the feature’s integration with an advanced blackboxing approach. The feature started Booming because of the Security Field posting about Lumma’s unique feature. (Appendix 1)
Rhadamanthys Nov 17: Rhadamanthys announces the feature with similar blackboxing approach as Lumma (Appendix 6)
November 24, 2023: Lumma updates the exploit to counteract Google’s fraud detection measures. (Appendix 7)
Stealc Dec 1 , 2023 – Implemented the google account token restore feature (Appendix 4)
Meduza Dec 11, 2023 – Implemented the google account token restore feature (Appendix 5)
RisePro Dec 12, 2023 – Implemented the google account token restore feature (Appendix 3)
WhiteSnake Dec 26, 2023 – Implemented the google account token restore feature (Appendix 2)
Dec 27, 2023 – Hudson Rock posts video from Darkweb where a hacker shows exploiting the generated cookies
Also, read these top stories today:
CES 2024 coming!
Sam Altman may not attend CES 2024, but that does not mean it will be short of movers and shakers. The generative AI fever Altman’s startup set off last year will be on full display as gadget makers race to find consumer uses for the technology. Some interesting details in this article. Check it out here.
Big Tech Breakthrough by China?
A new laptop by Huawei has set alarm bells ringing of a new chip breakthrough by China. Know the truth here.
If you enjoyed reading this article, please forward it to your friends and family.
Setback for YouTube over employees!
The court just sided with the staff. Jump in here.
Found it interesting? Go on, and share it with everyone you know.
One more thing! HT Tech is now on WhatsApp Channels! Follow us there so you never miss any update from the world of technology. To follow the HT Tech channel on WhatsApp, click here to join now!
Google accounts are considered safe if the password is strong enough. Well, that is old news, at least that is what this new report is saying. According to CloudSek, hackers have found a way to access Google accounts without passwords! So, is your Google account safe from hackers? The report says that hackers have used a form of malware that utilises third-party cookies to illegally enter users’ Google accounts and they have free run on whatever data that it has. In effect, the potential to compromise private and professional lives of millions of users is very much there.
Compromised by Cookies
What is even more surprising is the fact that it was not revealed by any security agency or corporation, rather, it was outed by a hacker when he posted about it on a Telegram channel boasting about the exploit in October 2023. The Telegram post even indicated the method used – cookies.
What are cookies?
According to Google, these are small pieces of text sent to users’ web browser by any website they visit. Cookies help that website remember information about their visit, which can both make it easier to visit the site again and make the site more useful to the users.
We are now on WhatsApp. Click to join.
How hackers did it
The job of cookies is to make users’ life easier, as explained above, but in this instance, they were used for hacking purposes. In fact, hackers devised a method to hijack these cookies and circumvent the security features present, including 2-factor authentication.
What Google is doing about it
The Tech giant is reportedly working on a solution to ensure that the breach is sealed permanently and the Google Chrome browser security is up and running.
“We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected,” a report by the Independent quoted Google as saying.
“In this instance, Google has taken action to secure any compromised accounts detected,” Google added.
What you can do about it
While for Google, keeping hackers at bay is a daily exercise, users can do something about it too to ensure they stop cybercriminals from accessing their private data.
The most important thing for users to do is ensure there is an effective anti-virus software on their device and to daily check if malware has infiltrated it and if found, to remove it. Google recommends turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.
What CloudSek recommends:
In its report, CloudSek says, “While we await a comprehensive solution from Google, users can take immediate action to safeguard against this exploit. If you suspect your account may have been compromised, or as a general precaution, sign out of all browser profiles to invalidate the current session tokens. Following this, reset your password and sign back in to generate new tokens.”
It added, “Resetting your password effectively disrupts unauthorized access by invalidating the old tokens which the infostealers rely on, thus providing a crucial barrier to the continuation of their exploit.”
What Google generally recommends: In case you want to secure a hacked or compromised Google Account, you can get back into your account, and make it more secure.
Step 1: Try to sign in to your Google Account. And if you cannot, go to the account recovery page, and answer the questions as best you can to try and recover control of your account.
I. When should you use the account recovery page if:
- Someone changed your account info, like your password or recovery phone number.
- Someone deleted your account.
- You can’t sign in for another reason.
II. What more can you do to find out if you have been hacked?
- Go to your Google Account.
- On the left navigation panel, select Security.
- On the “Recent security events” panel, select Review security events.
- Check for any suspicious activity: If someone other than you had accessed your Google account – “Select No, it wasn’t me.” Thereafter, follow the steps on the screen to help secure your account.
CloudSek provided the Timeline of events:
October 20, 2023: The exploit is first revealed on a Telegram channel. (Figure 1)
November 14, 2023: Lumma announces the feature’s integration with an advanced blackboxing approach. The feature started Booming because of the Security Field posting about Lumma’s unique feature. (Appendix 1)
Rhadamanthys Nov 17: Rhadamanthys announces the feature with similar blackboxing approach as Lumma (Appendix 6)
November 24, 2023: Lumma updates the exploit to counteract Google’s fraud detection measures. (Appendix 7)
Stealc Dec 1 , 2023 – Implemented the google account token restore feature (Appendix 4)
Meduza Dec 11, 2023 – Implemented the google account token restore feature (Appendix 5)
RisePro Dec 12, 2023 – Implemented the google account token restore feature (Appendix 3)
WhiteSnake Dec 26, 2023 – Implemented the google account token restore feature (Appendix 2)
Dec 27, 2023 – Hudson Rock posts video from Darkweb where a hacker shows exploiting the generated cookies
Also, read these top stories today:
CES 2024 coming!
Sam Altman may not attend CES 2024, but that does not mean it will be short of movers and shakers. The generative AI fever Altman’s startup set off last year will be on full display as gadget makers race to find consumer uses for the technology. Some interesting details in this article. Check it out here.
Big Tech Breakthrough by China?
A new laptop by Huawei has set alarm bells ringing of a new chip breakthrough by China. Know the truth here.
If you enjoyed reading this article, please forward it to your friends and family.
Setback for YouTube over employees!
The court just sided with the staff. Jump in here.
Found it interesting? Go on, and share it with everyone you know.
One more thing! HT Tech is now on WhatsApp Channels! Follow us there so you never miss any update from the world of technology. To follow the HT Tech channel on WhatsApp, click here to join now!
Denial of responsibility! Techno Blender is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.