Cybercriminals can access users’ Google accounts through a cookie vulnerability without knowing the password.
CloudSEK, a cybersecurity firm, recently published an investigation into a form of malware that uses cookies to access users’ private data illegally. Hacker groups continue to refine this method, while Google has yet to provide a permanent fix.
A hacker on Telegram initially disclosed the attack technique in October 2023. The disclosure contained instructions on how to use a cookie vulnerability to attack Google accounts. Websites and browsers often use cookies to remember user behavior, thus improving the Internet experience.
Cookies come in several forms, including Google’s authentication cookie, which allows users to access their accounts without constantly logging in. Hackers have found a flaw in this mechanism that lets them bypass the two-factor authentication process and access users’ Google accounts without knowing the password.
After reverse-engineering and analyzing the code segments, CloudSEK experts determined that this is a highly sophisticated form of exploitation. To carry it out, hackers need not only to be well-versed in security but also to understand Google’s authentication mechanism.
“Even more alarming is the fact that this exploit remains effective even after users have reset their passwords. This persistence in access allows for prolonged and potentially unnoticed exploitation of user accounts and data,” CloudSEK said, emphasizing the severity of the vulnerability.
According to experts, the new attack method shows that hackers are becoming more sophisticated, tending to lurk, and seeking more effective, long-lasting methods that are difficult to detect. “This analysis underscores the complexity and stealth of modern cyber threats. It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats,” said Pavan Karthick M, a researcher at CloudSEK.
Google Chrome currently accounts for about 60% of the market share of Internet browsers. According to the Independent, the company is in the process of blocking third-party cookies. In response to the new vulnerability, Google said it is strengthening technical measures to detect accounts accessed illegally through the vulnerability.
“Users should continue to follow the instructions to remove malware that is detected on their computers. We recommend enabling the Enhanced Safe Browsing mode when using Chrome to minimize the download and access of malware,” Google said.
CloudSEK advises that users who feel they have been compromised should log out of all accounts and profiles that are now accessible on the browser while waiting for Google to provide a comprehensive solution. Afterward, they should reset their password and log in once more. While this may not provide complete protection against the novel attack technique, it does pose a serious obstacle for hackers seeking to gain unauthorized access to user accounts.