How Are Hackers Exploiting Google Authentication Cookies to Access Accounts?

Hackers have discovered a way to access Google accounts without needing the password by exploiting authentication cookies. By stealing these session cookies from a victim's browser, the attackers were able to bypass two-factor authentication and keep continuous access to the account, even after the user changed their password. The technique abuses the session cookies Google sets once a user has signed in: whoever holds a valid cookie is treated as the already-authenticated user, so neither the password nor the 2FA code is ever asked for again. It allowed the attackers to hijack user sessions across Google services. The researchers say that continuous monitoring of both technical vulnerabilities and human intelligence sources is necessary to stay ahead of emerging cyber threats.

Some indicators that an email account may have been hacked include:

  • Being locked out of your email account due to a changed password.
  • Changes to critical account settings, such as recovery email, phone number, or 2FA options.
  • Finding emails in your Sent folder that you didn’t send.
  • Receiving password change requests or confirmations for accounts you didn’t request.
  • Reports from your contacts about receiving strange emails from your account.
  • Noticing logins from unfamiliar IP addresses and locations in your email provider’s login history.

How can someone check the login and device history on a Gmail account?

Open your Gmail inbox and click on “Details” in the lower-right corner, next to the “Last account activity” line. This opens Gmail’s recent account activity view.

You’ll see a list of recent sessions with the access type (browser, mobile, IMAP and so on), the IP address and an approximate location, and the time of each one. Note your own current IP address (the view shows it at the top) and compare it against the addresses that accessed your account. Keep in mind that your own address changes when you move between home, office, mobile data or a VPN, so a handful of different addresses is normal.

If addresses from networks you don’t recognise have accessed your account, especially around the same time as setting changes or mail you didn’t send, it’s likely that your account has been hacked. Look for the other warning signs of email hacks listed above before drawing a conclusion about your Gmail account.
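The check described above (and the indicator list before it) can be automated once the activity rows are copied into a structured form. The following is an added example, not code from the original page or from Google: it takes a constructed list of activity events, compares each source IP against the networks the account owner recognises, and additionally flags any event that changes a recovery or 2-Step Verification setting. The field names in the event records and the `KNOWN_NETWORKS` list are assumptions for the example; Google does not publish activity in exactly this format.

```python
import ipaddress

# Constructed sample of activity rows as a user might transcribe them from
# Gmail's "Last account activity" and the Google Account security events page.
# Field names are an assumption for this example, not Google's export format.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T08:02:11Z", "type": "login", "ip": "203.0.113.24", "location": "Home ISP"},
    {"time": "2024-01-10T08:15:40Z", "type": "login", "ip": "198.51.100.77", "location": "Mobile carrier"},
    {"time": "2024-01-10T13:47:05Z", "type": "login", "ip": "192.0.2.200", "location": "Unknown"},
    {"time": "2024-01-10T13:48:30Z", "type": "recovery_email_changed", "ip": "192.0.2.200", "location": "Unknown"},
    {"time": "2024-01-11T09:00:00Z", "type": "login", "ip": "203.0.113.25", "location": "Home ISP"},
]

# Networks the account owner recognises (home ISP range, mobile carrier range).
# Assumed values for the example; fill in your own.
KNOWN_NETWORKS = ["203.0.113.0/24", "198.51.100.0/24"]

# Event types that correspond to the "critical account settings" indicator:
# recovery address, recovery phone, 2-Step Verification and password changes.
SETTING_CHANGES = {
    "recovery_email_changed",
    "recovery_phone_changed",
    "2sv_changed",
    "password_changed",
}


def is_known_ip(ip, known_networks):
    """True if ip falls inside any of the owner's recognised networks.

    An unparsable address is treated as unknown rather than raising, so a
    garbled row in the transcript still gets surfaced for review.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(net) for net in known_networks)


def flag_suspicious(events, known_networks):
    """Return the events that match at least one compromise indicator.

    Each returned event gets a 'reasons' list and a 'severity': a setting
    change made from an unfamiliar network is rated critical, since that is
    the pattern of an attacker locking the real owner out.
    """
    findings = []
    for ev in events:
        reasons = []
        if not is_known_ip(ev["ip"], known_networks):
            reasons.append("unfamiliar IP")
        if ev["type"] in SETTING_CHANGES:
            reasons.append("account setting changed")
        if reasons:
            severity = "critical" if len(reasons) == 2 else "review"
            findings.append({**ev, "reasons": reasons, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in flag_suspicious(SAMPLE_EVENTS, KNOWN_NETWORKS):
        print(f"{f['time']} {f['ip']:<15} {f['type']:<24} {f['severity']:<8} {', '.join(f['reasons'])}")
```

A single login from an unknown address is only a lead: it may be your own phone on a new carrier range or a VPN exit. The combination the script rates as critical, a setting change made from a network you do not recognise, is the one that should trigger the recovery steps below immediately.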

To secure a hacked or compromised Google Account, follow these steps:

1. Sign in to your Google Account. If you can’t sign in, go to the account recovery page. Use the recovery page if your account info has been changed or deleted, or if you can’t sign in for any other reason.

2. Review your account activity and the devices signed in to the account, and sign out any you don’t recognise. Then take further security steps, such as turning on 2-Step Verification, contacting the authorities if money or identity fraud is involved, removing harmful software from your devices, installing a secure browser, and preventing password theft with Password Alert (Google’s Chrome extension that warns when you type your Google password into a non-Google site).

To recover a hacked Gmail account:

1. Log into your hacked Gmail account. If you can’t log in, go to Google’s account recovery page and answer the questions as accurately as possible.

2. Review your Gmail account activity by going to your Google Account and clicking “Security” in the left menu. Then click “Review security events” in the Recent security events box, and check “Your devices” on the same page for sessions you don’t recognise.

3. Take recovery measures immediately if you’ve been hacked. This includes updating your security software, changing the password and recovering any other accounts that shared it, and creating a new email account if the old one can’t be recovered.

4. Optional: Create a new email account to avoid spam emails and change your security questions if your email provider uses them.

5. Turn on two-factor authentication (2FA) if your email provider offers it, as it adds an extra layer of security to your email account.

6. Tell your contacts about the hack and ask them to look out for suspicious emails that appear to have been sent by you.

By following these steps, you can recover a hacked Gmail account and protect it against future hacks.

Follow these security precautions to help prevent email accounts from being hacked:

Change your password: Begin the password recovery process for your email provider and set a new password that is both long and unique. If you’ve used your old email password for other accounts, change those passwords too, and make sure they’re all different. Because a stolen session cookie can outlive a password change, as described above, also review the list of signed-in devices in your Google Account and sign out every session you don’t recognise, so that the attacker’s existing session is actually terminated.

Change your security questions: If your email provider uses security questions, such as your first school or your mother’s name, change these to prevent hackers from finding the answers on your social media accounts.

Tell your contacts: Alert your contacts that your email has been hacked, and that they should look out for suspicious emails that appear to have been sent by you. Tell them that you didn’t send these messages yourself, and they should delete them immediately.

Update your security software: Make sure any security software on your devices is updated to the most current version available. If you’re not yet protecting yourself with dedicated online security tools, start today.

Google takes online security seriously and recommends checking your account protection regularly. Recommended actions are marked with an exclamation point, and a green shield indicates that no actions are pending. To check for notifications, sign in to your Google Account and select your profile picture. If no recommended actions appear, Google currently has no security recommendations for you. To review your security level, go to Manage Your Account and then Security. Once all recommendations are resolved, a green shield appears; you may still receive occasional security tips. The recommended steps include running a Security Checkup, updating your software, using unique, strong passwords, removing unnecessary apps and browser extensions, and being cautious with suspicious messages and content. For journalists, activists, or others at risk of targeted online attacks, Google offers the Advanced Protection Program.


Links

Hackers discover way to access Google accounts without a password

Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking

What Can Hackers Do With Your Email Address?

https://support.google.com/accounts/answer/6294825?hl=en

https://support.google.com/accounts/answer/46526?hl=en

How to Tell If Your Email Has Been Hacked & How to Recover It
