{"id":800780,"date":"2024-01-08T11:02:38","date_gmt":"2024-01-08T11:02:38","guid":{"rendered":"https:\/\/telecomlive.in\/web\/2024\/01\/08\/cybercriminals-find-new-way-to-access-google-accounts-without-password-report\/"},"modified":"2024-01-08T11:02:38","modified_gmt":"2024-01-08T11:02:38","slug":"cybercriminals-find-new-way-to-access-google-accounts-without-password-report","status":"publish","type":"post","link":"https:\/\/telecomlive.in\/web\/2024\/01\/08\/cybercriminals-find-new-way-to-access-google-accounts-without-password-report\/","title":{"rendered":"Cybercriminals find new way to access Google accounts without password: report"},"content":{"rendered":"<p>Researchers have uncovered a hack that lets hackers access people&#8217;s Google accounts without needing their passwords.<\/p>\n<p>According to the cybersecurity company CloudSEK, a new type of malware that uses third-party cookies to gain unauthorised access to people&#8217;s private data is already being actively tested by hacking groups.<\/p>\n<p>The exploit was first discovered in October 2023, when a hacker posted about it on a Telegram channel.<\/p>\n<p>&#8220;In October 2023, PRISMA, a developer, uncovered a critical exploit that allows the generation of persistent Google cookies through token manipulation. This exploit enables continuous access to Google services, even after a user&#8217;s password reset,&#8221; said Pavan Karthick M, a threat intelligence researcher at CloudSEK.<\/p>\n<p>The researchers identified the exploit&#8217;s root at an undocumented Google Oauth endpoint named &#8220;MultiLogin&#8221;.<\/p>\n<p>The post described how accounts could be compromised due to a flaw in cookies, which websites and browsers use to track users and improve their efficiency and usability.<\/p>\n<p>Google authentication cookies allow users to access their accounts without constantly entering their login information; however, hackers discovered a way to retrieve these cookies in order to circumvent two-factor authentication.<\/p>\n<p>According to the Independent, the Chrome web browser is presently in the process of cracking down on third-party cookies.<\/p>\n<p>&#8220;We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected,&#8221; Google was quoted as saying.<\/p>\n<p>&#8220;Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads,&#8221; it added.<\/p>\n<p>Further, Karthick M mentioned that this highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers have uncovered a hack that lets hackers access people&#8217;s Google accounts without needing their passwords. According to the cybersecurity company CloudSEK, a new type of malware that uses third-party cookies to gain unauthorised access to people&#8217;s private data is already being actively tested by hacking groups. The exploit was first discovered in October 2023, when a hacker posted about it on a Telegram channel. &#8220;In October 2023, PRISMA, a developer, uncovered a critical exploit that allows the generation of persistent Google cookies through token manipulation. This exploit enables continuous access to Google services, even after a user&#8217;s password reset,&#8221; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[7],"tags":[],"class_list":["post-800780","post","type-post","status-publish","format-standard","hentry","category-it-2"],"acf":[],"_links":{"self":[{"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/posts\/800780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/comments?post=800780"}],"version-history":[{"count":0,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/posts\/800780\/revisions"}],"wp:attachment":[{"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/media?parent=800780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/categories?post=800780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/telecomlive.in\/web\/wp-json\/wp\/v2\/tags?post=800780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}