Google Thwarts Hackers’ Attempt to Create Malicious Accounts Within 72 Hours

Pune, 29th July 2024: Google recently tackled a significant security issue where hackers were found creating malware-laden workplace accounts by bypassing the company’s email verification process. These malicious accounts were used to access third-party services. Google swiftly addressed and resolved this vulnerability within 72 hours of its discovery, ensuring that its services remained secure from exploitation.

In recent weeks, Google noticed small-scale campaigns where bad actors were sending specific requests to create Google Workspace accounts without completing the email verification step. These hackers managed to sign into Google accounts and access third-party applications. This issue was brought to light upon the request of Brian Krebs, a journalist at KrebsOnSecurity. Google confirmed that it had swiftly fixed the security flaw. Anu Yamunan, Google’s Director of Abuse and Safety Protection for Workspace, highlighted that this malware-related activity began in late June.

According to Google, thousands of Workspace accounts were created without domain verification. The company has since added additional detection methods to prevent such authentication bypass attempts in the future. Hackers were using one email address for account sign-in and another for token verification. Once the email was verified, they could use third-party services without any hindrance.

Despite the hackers’ efforts, there was no misuse of Google’s services during this hacking attempt. Google took prompt action to ensure that all security measures were fortified to prevent any further exploitation. The tech giant remains committed to maintaining the highest security standards to protect its users from such malicious activities.