Google issues alert over increase in account takeovers
The tech giant warned about cyberattacks specifically targeting account takeovers, which continue to rise
The alarming increase in email account takeovers led Google to issue an alert, given that cybercriminals are now not only stealing passwords but also capturing authentication codes and even session cookies.
With this advancement in their methodology, attackers can take control of an account without having to overcome additional security measures.
According to Chrome Sync, “browser syncing is incredibly convenient… and dangerously pervasive. When you turn on syncing in Chrome, Google stores a massive amount of your private data in the cloud: browsing history, open tabs, passwords, payment methods, addresses, phone numbers, information stored in Google Pay, etc.” In other words, the user’s digital life.
If you add to this the fact that Chrome functions as a universal password manager, if a hacker gains access to your account, it “opens the door to banking services, social networks, online stores, work tools, and any platform whose data is stored in the browser.”
A similar situation occurs with cookie theft, a technique that is gaining ground and allows attackers to “bypass login mechanisms and behave as if they were you, without the system detecting anything unusual.”
The good news is that users can protect themselves. One of the main safeguards is to disable Chrome Sync or use the “Custom sync” option to exclude particularly sensitive data such as passwords and payment information.
In addition, Google reminds users that “it is possible to encrypt all synced information using a passphrase. While this option does disable some features—such as Smart Lock—it significantly increases security. It’s a small sacrifice in exchange for preventing an intrusion from compromising your entire digital identity.”
For its part, Google is implementing new tools to mitigate attacks, even after data has been stolen, such as passkeys, Device Bound Session Credentials (currently in beta), and the new Shared Signals Framework, which will allow Google to react automatically when partner platforms detect suspicious activity.
M.Pino
Source: muycomputer
(Reference image source: Krsto Jevtic on Unsplash)
Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram
