TechRadar

Hackers bypass Google Workspace authentication to expose thousands of accounts

By Sead Fadilpašić,

8 hours ago

Google’s cloud-based productivity platform had an authentication weakness that allowed hackers to impersonate other companies and log into third-party services, experts have warned.

As reported by KrebsOnSecurity , the vulnerability was discovered in the email verification process when creating a Google Workspace account.

Crooks were able to circumvent the verification, and log into third-party services that offered the “Sign in with Google” option for authentication.

Caught in the wild

“The tactic here was to create a specifically-constructed request by a bad actor to circumvent email verification during the signup process,” Anu Yamunan, director of abuse and safety protections at Google Workspace, told Krebs.

“The vector here is they would use one email address to try to sign in, and a completely different email address to verify a token. Once they were email verified, in some cases we have seen them access third party services using Google single sign-on.”

Google’s engineers also confirmed that the vulnerability was being abused in the wild, at least in the last couple of weeks:

“In the last few weeks, we identified a small-scale abuse campaign whereby bad actors circumvented the email verification step in our account creation flow for Email Verified (EV) Google Workspace accounts using a specially constructed request,” Google said. “These EV users could then be used to gain access to third-party applications using ‘Sign In with Google’.”

Google said it fixed the problem within 72 hours from discovering it, and added an extra layer of protection, for good measure. It also said that the abuse involved “a few thousand” accounts, and that it started in late June.

However, the comments left by readers on both TheHackerNews , and KrebsOnSecurity, suggest that the issue was present for a lot longer, Neowin reports. In fact, some people said they fell victim to the attack in early June 2024, which would mean hackers were abusing the flaw for at least two months before it was finally addressed.

More from TechRadar Pro

Google Workspace security flaws could see hackers easily snaffle your password
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Expand All

Read in NewsBreak

Comments / 0

Add a Comment

BuzzFeed11 days ago

How to tell if your online accounts have been hacked

TechCrunch14 days ago

A record 10 billion passwords were just posted to a popular hacking forum

TechSpot22 days ago

Samsung shares easy-to-miss setting that stops yours passwords being ‘leaked’ online – four taps turn it on instantly

The US Sun17 days ago

Your Android Phone's Web Browser Has Junk Files You Can Delete Now

CNET2 days ago

A major retailer is edging closer to a dire situation: Chapter 11 bankruptcy

NewsByJoshua49 minutes ago

What looks like a laptop but ain't a laptop? Chinese vendor releases innovative phone docking station that gets its inspiration from long lost Asus Transformer project

TechRadar1 day ago

What’s worse than thieves hacking into your bank account? When they steal your phone number, too

The Associated Press15 days ago

Chelsea Clinton is rumored to be living in Virginia but probably still in NYC

New York City, NY14 days ago

Samsung Messages is getting bumped for Google's app. Here's how to prepare

ZDNet7 days ago

How to Change Your IP Address With and Without a VPN

CNET22 days ago

Millions more victims exposed in debt collection agency data breach

TechRadar3 hours ago

Another retail giant has just filed for Chapter 11 bankruptcy and is shutting down several stores.

NewsByJoshua1 day ago

Another major spyware firm has been breached — thousands of devices have private details exposed

TechRadar3 days ago

How I Keep My Devices Online During an Internet Outage

makeuseof.com16 days ago

Project 2025’s Plan to Gut Medicare and Medicaid

Bucks County Beacon11 days ago

Is Your Data On The Dark Web? Google Now Offers Free Monitoring For All

Hot Hardware18 days ago

How to switch Apple ID

TechRadar5 days ago

I just worked out in my first AI-powered gym – Here are three things I liked (and one I didn't)

TechRadar2 days ago

WARNING! Cyber Crooks Are Coming for YOU: The Shocking Truth About Phishing Scams!

jackandkitty.com2 days ago

Welcome to NewsBreak, an open platform where diverse perspectives converge. Most of our content comes from established publications and journalists, as well as from our extensive network of tens of thousands of creators who contribute to our platform. We empower individuals to share insightful viewpoints through short posts and comments. It’s essential to note our commitment to transparency: our Terms of Use acknowledge that our services may not always be error-free, and our Community Standards emphasize our discretion in enforcing policies. We strive to foster a dynamic environment for free expression and robust discourse through safety guardrails of human and AI moderation. Join us in shaping the news narrative together.

Comments / 0

Community Policy