Security researchers have recently discovered a sophisticated hacking technique that enables cyber criminals to gain unauthorized entry into individuals’ Google accounts without passwords.
In-depth analysis conducted by security firm CloudSEK reveals that a particularly malicious form of malware exploits third-party cookies to gain access to sensitive personal data. This hacking method is already being actively tested by various hacking groups.
The exploit was first revealed in October 2023 when a hacker posted about it in a channel on the messaging platform Telegram.
The post noted how accounts could be compromised through a vulnerability with cookies, which are used by websites and browsers to track users and increase their efficiency and usability.
Exploit Allows Using Google Accounts without Password Through a Cookie Vulnerability
The exploit was initially disclosed in October 2023 when a hacker shared information about it on a Telegram messaging platform channel.
This post highlights a vulnerability related to cookies, which are commonly utilized by websites and browsers to track users and enhance their browsing experience.
“We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected,” .
“Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.”
Google said in a statement
The researchers who initially discovered this threat emphasized the intricate and covert nature of modern cyber attacks.
“This exploit enables continuous access to Google services, even after a user’s password is reset,”
Pavan Karthick M, threat intelligence researcher at CloudSEK, said in a blog post explaining the issue.
How to Check if Your Google Account Was Accessed:
- Visit your Google Account.
- Navigate to “Security” in the left panel.
- Select “Manage all devices” under the “Your devices” section.
- Identify devices currently or recently signed in.
- For more details, click on a specific device or session.
- Look out for “Signed out” indications for unexpected access.
- If multiple sessions appear for the same device type, scrutinize details.
- If unsure, promptly sign out of any suspicious sessions.
How to Remediate Unauthorized Access to Your Google Account
If you suspect your Google Account is compromised, take immediate action. Sign out of all browsers to invalidate current session tokens and reset your password. Re-signing in generates new tokens, preventing unauthorized access by rendering old tokens useless.
For Administrators: For those managing Google Accounts for a company or group, the Admin console offers tools. Sign a user out of a managed Google Account by following these steps:
- Sign in to your Google Admin console.
- Navigate to Menu > Directory > Users.
- Locate the user in the Users list.
- Click the user’s name to access their account page.
- Proceed to Security > Sign-in cookies > Reset to ensure a secure account.
