Skip to content
Techzine Europe
  • Home
  • Topstories
  • Topics
    • Analytics
    • Applications
    • Collaboration
    • Data Management
    • Devices
    • Devops
    • Infrastructure
    • Privacy & Compliance
    • Security
  • Insights
    • All Insights
    • Agentic AI
    • Analytics
    • Cloud ERP
    • Generative AI
    • IT in Retail
    • NIS2
    • RSAC 2025 Conference
    • Security Platforms
    • SentinelOne
  • More
    • Become a partner
    • About us
    • Contact us
    • Terms and conditions
    • Privacy Policy
  • Techzine Europe
  • Techzine Netherlands
Techzine Blogs Security Exploit provides access to Google accounts: password change doesn’t help
3 min Security

Exploit provides access to Google accounts: password change doesn’t help

Laura HerijgersJanuary 2, 2024 12:22 pmJanuary 2, 2024
Exploit provides access to Google accounts: password change doesn’t help

Several malware families can give hackers access to Google accounts. For this, the malware abuses an OAuth2 functionality provided by Google. It is not possible to lock out the hacker by changing the password of an affected account.

The Google OAuth2 endpoint MultiLogin would be exploitable for breaking into Google accounts. Through the exploit, hackers steal session cookies, which contain login information. This cookie type remembers the login credentials so that users can access their accounts without entering the username and password each time. It can be used for accessing online services that authenticate you through your Google account.

It involves full authentication, in which two-step verification is bypassed because it is automatically generated from a previous session. Because of the sensitivity of the information contained in these types of cookies, the lifetime of session cookies should be short.

However, MultiLogin allows hackers to recover session cookies from Google. Breaking into a Google account is then possible by using an infostealer malware. Moreover, the exploit automatically generates the latest authentication information. This means the problem is not solved with a password change. That’s not the only problem because hackers can additionally maintain access for a long time. It is an option to re-generate the cookies should the hacker’s open session get interrupted.

Malware for sale online

There are several malware families in circulation, and, according to CloudSEK, there is evidence hackers abuse the exploit. This company’s research team discovered MulitLogin and published a blog with their findings. The evidence that cybercriminals already know about the exploit was actually the beginning point of the research. This came to the knowledge of the researchers through a Telegram message from threat actor “PRISMA”.

In the meantime, six info-stealers malware have already been found. Among the families is the Lumma Infostealer. This type of malware is known for stealing the following sensitive information: crypto wallets, browser extensions and codes for two-step verification. Lumma has been traded since 2022.

Convenience over security?

Google itself did not respond to the discovery and the misuse of MultiLogin has not been officially confirmed. The Hudson Rock team, which also investigates the exploit in another research, says Google is taking no action. They speculate that session cookies will also not be disabled for the sake of ease of use. Google recently released another tool for checking for leaks that expose your password. However, the feature will not be able to detect this specific exploit.

Also read: Google Chrome has Safety Check: controls and needs control

To protect your credentials from cookie theft, it is generally recommended not to use built-in services that save passwords. Otherwise, it is always wise to use such services only if a master password protects the data. In addition, it is recommended to change your settings to delete cookies automatically after closing the browser.

Tags:

exploit / Google / Google Account / infostealer / login credentials / Research

"*" indicates required fields

Stay tuned, subscribe!

Nieuwsbrieven*
This field is for validation purposes and should be left unchanged.

Related

Google now provides free access to Gemini 2.5 Pro

Google starts deleting inactive accounts

Google adds account synchronisation to its 2FA authenticator app

Google Workspace now alerts key changes to administrator accounts

Editor picks

Microsoft offers Europe new terms after complaint about licensing

Microsoft has submitted a new proposal to the European cloud organiza...

Ingram Micro slowly gets back on its feet after ransomware attack

Ingram Micro is gradually reactivating customer ordering after contai...

The AI wave is forcing organizations to rethink their infrastructure

The rapid rise of AI is creating a new reality. Whereas infrastructur...

What we know about SafePay, the Ingram Micro attackers

It sounds like a banking app, but instead, it's one of the latest ran...

Insight: IT in Retail

E-commerce solutions provider puts its own portfolio on display

Commercetools launches semi-annual showcase 'Compilations'

Intel and Altera aim to bring AI to edge computing with new series of chips

Intel and subsidiary Altera have unveiled new chips and FPGAs optimiz...

RFID gives optimal insight and overview in both store and warehouse

RFID gives optimal insight and overview in both store and warehouse

Keeping a store running successfully today is about much more than pu...

AI-powered cameras shake up retail

AI-powered cameras shake up retail

Stores are deploying AI-powered cameras in multifaceted ways. Everyth...

Read more on Security

Louis Vuitton hacked: customer data stolen in cyber attack

Louis Vuitton hacked: customer data stolen in cyber attack

On July 2, hackers gained access to Louis Vuitton's systems in the United Kingdom. Customer data was stolen. ...

Berry Zwets 2 days ago
Windows 11 24H2 standardizes its scripting engine

Windows 11 24H2 standardizes its scripting engine

Starting with Windows 11 version 24H2, the JScript9Legacy engine will be enabled by default for all scripting...

Mels Dees 2 days ago
Conscia’s largest acquisition ever: Open Line to be taken over

Conscia’s largest acquisition ever: Open Line to be taken over

Dutch IT service provider Conscia has announced the acquisition of Open Line, a specialist in managed cloud s...

Erik van Klinken 2 days ago
KnowBe4 evolves from security training to human risk management
Top story

KnowBe4 evolves from security training to human risk management

Security awareness training has come a long way from its origins as a compliance checkbox. Today, it’s evol...

Berry Zwets 2 days ago

Tech calendar

Krijg Volledig Inzicht van Gebruiker tot Cloud met Cisco ThousandEyes

July 15, 2025

GITEX DIGI_HEALTH 5.0 - Thailand

September 10, 2025 BITEC Bangkok, Thailand

IT Arena

September 26, 2025 Lviv, Ukraine

Innovation Week 2025

October 9, 2025 Prague

Luxembourg Venture Days

October 22, 2025 Luxembourg

Appdevcon

March 10, 2026 Amsterdam

Whitepapers

Experience Synology’s latest enterprise backup solution

Experience Synology’s latest enterprise backup solution

How do you ensure your company data is both secure and quickly recove...

How to choose the right Enterprise Linux platform?

How to choose the right Enterprise Linux platform?

"A Buyer's Guide to Enterprise Linux" comprehensively analyzes the mo...

Enhance your data protection strategy for 2025

The Data Protection Guide 2025 explores the essential strategies and...

Strengthen your cybersecurity with DNS best practices

The white paper "DNS Best Practices" by Infoblox presents essential g...

Techzine Global

Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.

Follow us

Twitter
LinkedIn
YouTube

© 2025 Dolphin Publications B.V.
All rights reserved.

Techzine Service

  • Become a partner
  • Advertising
  • About Us
  • Contact
  • Terms & Conditions
  • Privacy Statement