SECURITY researchers have uncovered a hack that allows cybercriminals to gain access to people’s Google accounts without needing their passwords. Analysis from security firm CloudSEK found that a dangerous form of malware uses third-party cookies to gain unauthorised access to people’s private data and is already being actively tested by hacking groups. Google authentification cookies allow users to access their accounts without constantly having to enter their login details, however the hackers found a way to retrieve these cookies in order to bypass two-factor authentication. In this instance, Google has taken action to secure any compromised accounts detected,” Google said in a statement. “This exploit enables continuous access to Google services, even after a user’s password is reset,” Pavan Karthick M, a threat intelligence researcher at CloudSEK, wrote in a blog post detailing the issue.

Source: Nigerian Tribune January 10, 2024 02:49 UTC