Security researchers have discovered a flaw in Gmail that allows hackers to access Gmail accounts without a password.
An analysis by security company CloudSEK has found that a dangerous type of malware can use third-party cookies to gain illegal access to private data, and hacking groups have already tested it.
The flaw was first disclosed by a hacker on the messaging platform Telegram in October 2023. The post explained how accounts could be accessed by exploiting vulnerabilities associated with cookies.
Google authentication cookies allow users to access their account without repeatedly entering their login details. However, hackers have found a way to get these cookies to bypass the two-factor authentication step.
It should be noted that the world’s most popular web browser, Google Chrome, is currently cracking down on third-party cookies.
In a statement, Google said the company routinely upgrades its defenses against such techniques to protect users from becoming targets of malware. Google has taken steps to protect any suspicious accounts it has flagged.