Desperate Gmail and YouTube users are turning to official and unofficial Google support forums after hackers took over their accounts, bypassed two-factor authentication security, and locked them out. In many cases, the attackers have been seen using the accounts for crypto fraud involving Ripple's XRP.
Google users take to support forums as 2FA hackers target Gmail and YouTube accounts
If you take a quick look at the various support forums for Google products like Gmail and YouTube (including Google's own official forums and Reddit's), you'll always find people desperately asking questions about account recovery. These are usually related to someone forgetting their password, having their phone stolen, or changing their phone number. However, when a pattern emerges of accounts being hacked and users being unable to recover them despite having 2FA enabled, you know something is wrong.
“They changed the two-factor authentication… account recovery doesn’t work and you’re stuck in a loop.”
“The hackers changed passwords and phone numbers, and also edited two-factor authentication settings.”
“My 2FA-authenticated account can't log in. The password box says the password was changed 25 hours ago. A genius hacker changed the recovery email address to the same email address and my number too. Since it was deleted, it cannot be recovered.”
Apart from the number of accounts that were compromised despite having 2FA protection in place, there appears to be another commonality in the form of scams leveraging Ripple Labs' cryptocurrency, namely XRP.
Ripple Labs issues XRP cryptocurrency scam alert
Ripple took to X to spread awareness that attacks on Gmail and YouTube accounts are on the rise and are being used to trap readers and viewers with various scams. The most common of these is known as the crypto doubling scam, which promises to return twice the XRP a victim sends to an account masquerading as a genuine Ripple management account. For example, some of the compromised YouTube accounts used deepfake-generated videos of Ripple Labs CEO Brad Garlinghouse to appear authentic.
The X post, published on April 11, warns that Ripple Labs will never ask anyone to send XRP and points concerned readers to advice on how to avoid crypto scams.
How hackers bypass 2FA security
The answer to the question “How do threat actors hack 2FA security?” is that they don't. They bypass it completely. A user who has been locked out of their Google account, and has had their password and 2FA details changed in a way that prevents them from logging back in, has most likely fallen victim to a so-called session cookie hijacking attack. This attack most often begins with a phishing email that leads to malware that can capture session cookies, which are designed to help users log in faster or jump right back to where they left off. The problem is that if an attacker gets hold of these cookies after the user has successfully logged in, they can replay them and bypass the need for a 2FA code. As far as the site is concerned, authentication has already succeeded and the user is already logged in. Forbes contributor Zak Doffman provides an overview of this attack technique and some of the techniques used to counter it.
Google says users will have 7 days to recover hacked 2FA accounts
When we contacted Google about the session cookie hijacking issue, they acknowledged that it's a long-standing problem for account security on the Internet. A Google spokesperson said: “In addition to driving innovations like device-bound session credentials, we're working hard to detect and block suspicious access that could indicate a stolen cookie. We have technology that we use and continually update.”
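An added example, not from the article or from Google: a minimal Python sketch of why a plain session cookie skips 2FA when it is presented by another client, next to a session bound to a device-held key. All function names are hypothetical, and HMAC with a shared key stands in for the hardware-protected asymmetric key a real device-bound scheme would use.

```python
import hashlib
import hmac
import secrets

# Toy server-side state (hypothetical names, constructed for this example).
BEARER = {}    # cookie -> user
BOUND = {}     # cookie -> (user, device_key registered at login)
PENDING = {}   # cookie -> single-use challenge

def login(user, device_key=None):
    """Runs only after password and 2FA have succeeded; returns the cookie."""
    cookie = secrets.token_urlsafe(32)
    if device_key is None:
        BEARER[cookie] = user
    else:
        BOUND[cookie] = (user, device_key)
    return cookie

def check_bearer(cookie):
    """Bearer model: presenting the cookie is the only check, so 2FA is never re-asked."""
    return BEARER.get(cookie)

def issue_challenge(cookie):
    PENDING[cookie] = secrets.token_bytes(16)
    return PENDING[cookie]

def prove(device_key, cookie, challenge):
    """Client side: computed on the device that holds the key."""
    return hmac.new(device_key, cookie.encode() + challenge, hashlib.sha256).digest()

def check_bound(cookie, proof):
    """Bound model: cookie plus proof of the device key over a fresh challenge."""
    challenge = PENDING.pop(cookie, None)   # consumed even on failure
    if cookie not in BOUND or challenge is None:
        return None
    user, device_key = BOUND[cookie]
    ok = hmac.compare_digest(prove(device_key, cookie, challenge), proof)
    return user if ok else None

def demo():
    key = secrets.token_bytes(32)            # stays on the user's device
    bearer, bound = login("alice"), login("alice", key)
    good = prove(key, bound, issue_challenge(bound))
    # Same proof sent twice: accepted once, rejected once the challenge is consumed.
    on_device, reused = check_bound(bound, good), check_bound(bound, good)
    # A client that holds the cookie but not the device key cannot build a valid proof.
    no_key = check_bound(bound, prove(secrets.token_bytes(32), bound, issue_challenge(bound)))
    return check_bearer(bearer), on_device, reused, no_key
```

The first value returned by `demo()` is the point of the article: the bearer cookie alone is accepted as the logged-in user, while the bound session rejects both a reused proof and a client without the key.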
Google says all is not lost for users whose accounts have already been hacked and whose secondary or recovery factors have been changed. “Our automatic account recovery process allows users to use their original recovery factors for up to seven days after the change, as long as they were set up before the incident occurred,” the spokesperson said.
Regarding general account security hygiene, Google recommends making sure your account is set up for recovery so that there are fewer problems if you need to regain access for any reason. “For added protection, we continue to encourage users to utilize security tools such as Passkey and Google's Security Checkup,” the spokesperson concluded.