"Google Accounts at Risk: OAuth Flaws and Malware Enable Unauthorized Access"

TL;DR Summary
A vulnerability in Google's OAuth protocol, named "MultiLogin," was exploited by a malware developer, allowing cybercriminals to hijack Google accounts by synchronizing them across services. By generating valid session cookies, the exploit enables persistent access to Google services even after a password reset. Google has acknowledged the issue and taken steps to secure affected accounts. It advises users to log out to invalidate stolen tokens and recommends Enhanced Safe Browsing in Chrome for additional protection.
Topics: technology, #accounthijacking, #cybersecurity, #googleoauth, #malwareexploit, #multiloginvulnerability, #technology-and-cybersecurity
- Google OAuth secrets exposed as account-hijacking MultiLogin vulnerability discovered (TechSpot)
- Hackers have discovered a way to access Google accounts without a password (The Independent)
- Google password resets not enough to stop these info-stealing malware strains (The Register)
- Accounts in danger: Google recommends enhanced safe browsing and extra care (CyberNews.com)
- Attackers Abuse Google OAuth Endpoint to Hijack User Sessions (Dark Reading)