Crooks Bypassed Google's Email Verification To Create Workspace Accounts, Access 3rd-Party Services


Brian Krebs writes via KrebsOnSecurity: Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through...

[...] Google Workspace offers a free trial that people can use to access services like Google Docs, but other services such as Gmail are only available to Workspace users who can validate control over the domain name associated with their email address. "The tactic here was to create a specifically-constructed request by a bad actor to circumvent email verification during the signup process," [said Anu Yamunan, director of abuse and safety protections at Google Workspace]. "Once they were email verified, in some cases we have seen them access third party services using Google single sign-on."
