According to a recent story, hackers have figured out a way to get into people’s Google accounts without having to compromise their passwords. Hackers are using third-party cookies to obtain unauthorized access to people’s private data, even after Google introduced two-factor authentication for users, according to a report by the security firm CloudSEK titled “Compromising Google accounts: Malwares exploiting undocumented OAuth2 functionality for session hijacking.”
According to researcher Pavan Karthick M. of CloudSEK threat intelligence, the new threat “underscores the complexity and stealth of modern cyber attack.”
“This exploit enables continuous access to Google services, even after a user’s password is reset. It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats,” CloudSEK mentioned in a blog dated December 29, 2023.
The threat was initially made public by a hacker who wrote on Telegram about a potentially harmful type of malware last year, according to The Independent. According to reports, the hacker disclosed how they might obtain users’ personal information by using internet cookies.
“We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected. Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads,” Google said as reported by The Independent.