Hackers have found a way to access Google accounts without passwords

Security researchers Hacking has revealed a method by which cybercriminals can Google Accounts can be accessed without their passwords.

An analysis by security firm CloudSEK found that a dangerous form of malware uses third-party cookies to gain unauthorized access to people’s private data and is already actively being used by hacking groups. It is being tested.

This was first revealed in October 2023 when a hacker posted about it in a channel on the messaging platform Telegram.

The post explained how accounts can be hacked by making them insecure through cookies. These are cookies that websites and browsers use to track users and improve their performance and usability.

Google’s authentication cookies allow users to access their accounts without constantly entering login details, but hackers have found a way to retrieve these cookies to bypass two-factor verification. can go

The Google Chrome web browser, the world’s most popular browser with more than 60 percent market share last year, is currently engaged in a crackdown on third-party cookies.

Google said in a statement: ‘We routinely upgrade our defenses against such techniques and to protect users vulnerable to malware. In this case too, Google has taken action to secure the hacked accounts.’

It added: ‘Consumers should take ongoing steps to remove any malware from their computers. We recommend turning on more secure browsing in Chrome to protect against phishing and malware downloads.’

The researchers who first uncovered the vulnerability have said it illustrates the ‘sophistication and secrecy’ of the modern cyber attack.

Cloudsec’s threat intelligence researcher Pawan Karthik M wrote in his blog post about the issue: ‘(This hacking method) allows (hackers) continuous access to Google services even after the user resets the password. Enables access.’

He added: ‘This highlights the need for continuous monitoring of both technical vulnerabilities and human intelligence sources to proactively deal with emerging cyber threats.’

The security issue is detailed in a report, titled ‘Compromising Google accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking’, written by Pawan Karthik M., threat intelligence researcher at CloudSE.

Join Independent Urdu’s WhatsApp channel for authentic news and current affairs analysis Here Click