Hackers Gain Access to Google Accounts Without Passwords

Researchers have discovered that hackers can infiltrate Google accounts without needing the password, according to the Indian cybersecurity company, CloudSEK. The vulnerability is found within Google’s cookies, which are designed to remember your login details for subsequent visits to a website. CloudSEK reports that attackers have figured out a method to exploit these cookies to circumvent the two-factor authentication (2FA) process, typically required to verify your identity. Intriguingly, this security loophole allows unauthorized access even after the account’s password has been changed.

The issue first came to light in October 2023, when a hacker detailed the exploit on the messaging platform, Telegram, highlighting the evolving sophistication and stealthiness of contemporary cyber threats. In response to the discovery, Google has stated that it has “taken action to secure any compromised accounts detected,” emphasizing its commitment to user security amidst the growing challenges in cyber defense.