You might not be totally safe from hackers even after you reset your Google password.

There was allegedly an exploit in Google cookies that allowed bad actors to access Google services even after users reset their passwords, according to a 2023 analysis from security firm CloudSEK uncovered by the developer PRISMA. The malware uses third-party cookies to gain unauthorized access to users’ data that, according to the firm, lets the hackers retain “continuous access” to Google accounts even after the password is reset. According to The Independent, it’s already being testing by hacking groups.

“This analysis underscores the complexity and stealth of modern cyber threats,” CloudSEK wrote in a post.

You could always block cookies every chance you get, yet it makes sense why you’d want your cookies on. Google authentication cookies let you stay logged in to other accounts, which can be very annoying to reset every time.

“We routinely upgrade our defenses against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected,” Google said in a statement to The Independent. “Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.”

If you get hacked with some of this particularly advanced malware, it doesn’t look like a quick password reset will solve your issue. Instead, CloudSEK recommends that you log out of your account completely on all of your devices and browsers and then reset your password.

Stay safe, y’all.


Source link