Hackers discover way to access Google accounts without a password

L4sBot@lemmy.world · 2 years ago

Hackers discover way to access Google accounts without a password

hperrin@lemmy.world · edit-2 2 years ago

This isn’t new at all. This is called session hijacking, and it’s been around for decades.

LTT just made a couple videos about it last year, because it happened to them.

parpol@programming.dev · 2 years ago

deleted by creator

asdfasdfasdf@lemmy.world · 2 years ago

If you’re in California or the EU you could always just tell them to delete it anyway.

Buck@lemmy.world · 2 years ago

I was able to bypass that by logging into YouTube without a phone number, and then going to Google accounts. Not sure if that still works.

CriticalMiss@lemmy.world · 2 years ago

Firefox users keep winning.

circuscritic@lemmy.ca · 2 years ago

Firefox isn’t magically immune to session hijacking…

RedWeasel@lemmy.world · 2 years ago

So the moral is use Firefox and not Chrome?!

fatalicus@lemmy.world · 2 years ago

So it is session hijacking, something that has been known for a while?

Cornelius_Wangenheim@lemmy.world · edit-2 2 years ago

The main difference that makes this worse is that they can get persistence and maintain access even if the user resets their password (i.e. revoke session tokens). Hackers are usually limited to the fairly short lifetime of the session token (usually a few hours).

Hackers discover way to access Google accounts without a password

Hackers discover way to access Google accounts without a password

Hackers have discovered a way to access Google accounts without a password