Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: JAB Newsgroups: misc.news.internet.discuss Subject: Gmail Takeover Hack Attack Date: Sat, 07 Dec 2024 18:29:26 -0600 Organization: A noiseless patient Spider Lines: 36 Message-ID: Reply-To: JAB MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Injection-Date: Sun, 08 Dec 2024 01:29:27 +0100 (CET) Injection-Info: dont-email.me; posting-host="93330d11691646f61c88dd5a89ccae38"; logging-data="3581928"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18QcX9bLCd59rt5lWK6WJYl" User-Agent: ForteAgent/8.00.32.1272 Cancel-Lock: sha1:47R1iYClGikJBfZ9ZGnr2ZOAn88= Bytes: 2938 Gmail Takeover Hack Attack--Google Warns You Have Just 7 Days To Act .... .... A typical example of a Gmail user who has found themselves locked out of their account after a successful hack attack compromise was posted to the Reddit Gmail subreddit recently. The user complained that they had been locked out of the account after finding that their "passkeys (fingerprint), passwords and phone number were changed," laying the blame on malware that was discovered on their device. "The only thing I have attached to the account is my other recovery email that I still have access to, though it doesn't really help with logging me back in," the user said, "I don't have access to backup codes either and I'm pretty much ready to give up at this point knowing that Google doesn't have live support." Although Google wasn't able to help with this specific case, I did ask for broader advice on how a Gmail user should respond in such circumstances in order to regain access to their Google account and their Gmail. .... .... Google Said Users Have 7 Days To Regain Access To A Compromised Gmail Account I had a conversation with a Google spokesperson, Ross Richendrfer, who deals with workspace security and privacy matters. First and foremost, Richendrfer wanted me to point out that the tactics being seen by these email hackers are not unique to Gmail by any means, it's a common methodology for an attacker to maintain control of an account once it has been initially compromised. However, Richendrfer did confirm, for context, that Google does see situations where an attacker has compromised an account and then adds a security key or a passkey to prevent the legitimate owner from logging back in. This, Richendrfer said, is usually as a result of the Gmail account holder "not using phishing-resistant authentication technologies, such as security keys or passkeys," to protect their Google account https://www.forbes.com/sites/daveywinder/2024/12/07/gmail-takeover-hack-attack-google-warns-you-have-just-7-days-to-act/