A new vulnerability in Google Gmail allows credential hacking upon sign up

 







New Google Gmail vulnerability that can hack login credentials

The new Gmail exploit could put your sensitive information at risk after a recently discovered flaw in the app's authentication code.


Millions of users around the world have been warned about this security issue, especially since it is related to Facebook logout.


A new vulnerability in Google Gmail could exploit users' data dump (Photo: Solen Feyisa from Unsplash)

A security researcher has warned millions of users about the new Google Gmail exploit that could hijack their saved credentials on websites.


According to a Forbes report, Youssef Sammouda, a security researcher, said the exploit lies in the authentication code of Google's free email service.


Interestingly, the error is related to Facebook. Therefore, linked accounts used when logging into Gmail could be affected by this security issue.


Sammouda added that Google OAuth redirects are connected to FB opt-out. In addition, it is also connected to sandbox systems. For those unfamiliar with Google OAuth, it's an acronym for "Open Authorization" that various tech giants like Microsoft and Amazon have rolled out to users.


For example, this standard allows users to connect their accounts to third-party websites. In this context, you will use the same username and password shared with the applications.


Sammouda went on to say that the impact of this exploit could be more concerning. He said Facebook gave him a $44,625 "bug bounty" for the finding.


Malwarebytes Labs, a well-known cybersecurity company, has warned users about using linked accounts. “Linked accounts were invented to make signing up easier. You can use an account to sign in to other apps, websites, and services. All you have to do to access the account is confirm that the account is yours,” wrote Pieter Arntz, a researcher at Malware Intelligence.


He stated that they would not recommend that anyone rely on a single password when logging into multiple websites. This is because there is no guarantee that your password will be compromised when you log in.


How to avoid this vishing attack?

How to unlink your account

Forbes reports that people who wish to unlink their account can do the following: First go to Settings and Privacy. Then access the Account Center button and go to Accounts and Profiles. Once you are done with this process, you can now unlink your Facebook account.


In other news, Express says there is a new scam email harassing UK users. The tech publication writes that scammers are tricking people into clicking on an email containing a procedure on how to demand a government refund of hundreds of pounds.


The suspicious scheme suggests that all customers can only request a refund by 1 May. For this part, you will be instructed to click a button that will redirect you to a fake email.


Ever since authorities found out about its existence, Action Fraud has been warning users about this threat. The country's reporting center urged everyone to avoid clicking on fake Ofgem emails.

