Skip to content
Techzine Global
  • Home
  • Topstories
  • Topics
    • Analytics
    • Applications
    • Collaboration
    • Data Management
    • Devices
    • Devops
    • Infrastructure
    • Privacy & Compliance
    • Security
  • Insights
    • All Insights
    • Agentic AI
    • Analytics
    • Cloud ERP
    • Generative AI
    • IT in Retail
    • NIS2
    • RSAC 2025 Conference
    • Security Platforms
    • SentinelOne
  • More
    • Become a partner
    • About us
    • Contact us
    • Terms and conditions
    • Privacy Policy
  • Techzine Global
  • Techzine Netherlands
  • Techzine Belgium
  • Techzine TV
  • ICTMagazine Netherlands
  • ICTMagazine Belgium
Techzine » Blogs » Security » Exploit provides access to Google accounts: password change doesn’t help
3 min Security

Exploit provides access to Google accounts: password change doesn’t help

Laura HerijgersJanuary 2, 2024 12:22 pmJanuary 2, 2024
Exploit provides access to Google accounts: password change doesn’t help

Several malware families can give hackers access to Google accounts. For this, the malware abuses an OAuth2 functionality provided by Google. It is not possible to lock out the hacker by changing the password of an affected account.

The Google OAuth2 endpoint MultiLogin would be exploitable for breaking into Google accounts. Through the exploit, hackers steal session cookies, which contain login information. This cookie type remembers the login credentials so that users can access their accounts without entering the username and password each time. It can be used for accessing online services that authenticate you through your Google account.

It involves full authentication, in which two-step verification is bypassed because it is automatically generated from a previous session. Because of the sensitivity of the information contained in these types of cookies, the lifetime of session cookies should be short.

However, MultiLogin allows hackers to recover session cookies from Google. Breaking into a Google account is then possible by using an infostealer malware. Moreover, the exploit automatically generates the latest authentication information. This means the problem is not solved with a password change. That’s not the only problem because hackers can additionally maintain access for a long time. It is an option to re-generate the cookies should the hacker’s open session get interrupted.

Malware for sale online

There are several malware families in circulation, and, according to CloudSEK, there is evidence hackers abuse the exploit. This company’s research team discovered MulitLogin and published a blog with their findings. The evidence that cybercriminals already know about the exploit was actually the beginning point of the research. This came to the knowledge of the researchers through a Telegram message from threat actor “PRISMA”.

In the meantime, six info-stealers malware have already been found. Among the families is the Lumma Infostealer. This type of malware is known for stealing the following sensitive information: crypto wallets, browser extensions and codes for two-step verification. Lumma has been traded since 2022.

Convenience over security?

Google itself did not respond to the discovery and the misuse of MultiLogin has not been officially confirmed. The Hudson Rock team, which also investigates the exploit in another research, says Google is taking no action. They speculate that session cookies will also not be disabled for the sake of ease of use. Google recently released another tool for checking for leaks that expose your password. However, the feature will not be able to detect this specific exploit.

Also read: Google Chrome has Safety Check: controls and needs control

To protect your credentials from cookie theft, it is generally recommended not to use built-in services that save passwords. Otherwise, it is always wise to use such services only if a master password protects the data. In addition, it is recommended to change your settings to delete cookies automatically after closing the browser.

Tags:

exploit / Google / Google Account / infostealer / login credentials / Research

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Stay tuned, subscribe!

Nieuwsbrieven*

Related

Google now provides free access to Gemini 2.5 Pro

Google starts deleting inactive accounts

Google adds account synchronisation to its 2FA authenticator app

Google Workspace now alerts key changes to administrator accounts

Editor picks

GPT-5.6 now widely available: Sol, Terra, and Luna launched

OpenAI is now gradually rolling out GPT-5.6 worldwide. A limited prev...

Grok 4.5 challenges the coding frontier

Not quite Fable, much cheaper

The problem with AI model routing

Tokenmaxxing has largely died. It has dawned on enterprises that lead...

T Cloud is more than just a European cloud

A counterpoint to American public clouds is sorely needed. For organi...

Techzine.tv

AI observability and container security with Wiz at KubeCon

AI observability and container security with Wiz at KubeCon

How Atlassian designs AI products that users can trust

How Atlassian designs AI products that users can trust

AI security threats facing open source ecosystems in 2026

AI security threats facing open source ecosystems in 2026

How New Orleans monitors 2,000+ cameras in real time

How New Orleans monitors 2,000+ cameras in real time

Read more on Security

69% of companies allow AI agents to share credentials

69% of companies allow AI agents to share credentials

69 percent of companies allow AI agents to share credentials, according to a VentureBeat survey of 107 organi...

Coen van Eenbergen 12 hours ago
HPE iLO Security: From remote management to quantum-safe security
Top story

HPE iLO Security: From remote management to quantum-safe security

HPE's iLO management controller is far more than a remote access tool, it is the cornerstone of server securi...

Coen van Eenbergen July 3, 2026
KU Leuven discovers privacy leaks in popular crypto wallets

KU Leuven discovers privacy leaks in popular crypto wallets

There are hidden privacy risks in crypto wallets that run as browser extensions. Researchers from DistriNet, ...

Laura Herijgers 7 hours ago
Dawnguard promises true shift-left: “The only solution is to build something that isn’t vulnerable”
Top story

Dawnguard promises true shift-left: “The only solution is to build something that isn’t vulnerable”

Cybersecurity starts at the foundation. And in many cases, that’s the underlying architecture or code. If i...

Sander Almekinders July 1, 2026

Expert Talks

AMD “Helios”: Building rack-scale AI Infrastructure for EMEA Enterprises

AMD “Helios”: Building rack-scale AI Infrastructure for EMEA Enterprises

AMD recently introduced the “Helios” rack-scale AI architecture, ...

Taking the right lessons from AI success stories

Taking the right lessons from AI success stories

While a lot of the current narratives around AI focus on stalled...

Why traditional security can’t protect your enterprise against AI threats

Today’s AI tools are a boon for many businesses, boosting efficienc...

Power critical workloads with all-NVMe active-active storage for non-stop enterprise operations 

Enterprise infrastructure has reached a turning point where planned d...

Tech calendar

GOTO Copenhagen 2026

September 28, 2026 TAP1, Raffinaderivej 10, 2300 København S, Denmark

Whitepapers

Experience Synology’s latest enterprise backup solution

Experience Synology’s latest enterprise backup solution

How do you ensure your company data is both secure and quickly recove...

How to choose the right Enterprise Linux platform?

How to choose the right Enterprise Linux platform?

"A Buyer's Guide to Enterprise Linux" comprehensively analyzes the mo...

Enhance your data protection strategy for 2025

The Data Protection Guide 2025 explores the essential strategies and...

Strengthen your cybersecurity with DNS best practices

The white paper "DNS Best Practices" by Infoblox presents essential g...

Techzine Global

Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.

Follow us

Twitter
LinkedIn
YouTube

© 2026 Dolphin Publications B.V.
All rights reserved.

Techzine Service

  • Become a partner
  • Advertising
  • About Us
  • Contact
  • Terms & Conditions
  • Privacy Statement