Techly NewsGet the app

Get the latest tech news

Crooks Bypassed Google's Email Verification to Create Workspace Accounts, Acces


Google says it recently fixed an authentication weakness that allowed crooks to circumvent email verification needed to create a Google Workspace account, and leverage that to impersonate a domain holder to third-party services that allow logins through Google's "Sign in with…

Last week, KrebsOnSecurity heard from a reader who said they received a notice that their email address had been used to create a potentially malicious Workspace account that Google had blocked. In response to questions, Google said it fixed the problem within 72 hours of discovering it, and that the company has added additional detection to protect against these types of authentication bypasses going forward. In the case of the reader who shared the breach notice from Google, the imposters used the authentication bypass to associate his domain with a Workspace account.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Google

Google

Photo of crooks

crooks

Photo of email verification

email verification

Related news:

News photo

Google fixes Chrome Password Manager bug that hides credentials

News photo

Google creates self-replicating life from digital 'primordial soup'

News photo

OpenAI's SearchGPT prototype targets Google as its waitlist opens

« WeRide Files for Biggest US IPO by Chinese Firm Since Didi
MIT 11.350: Sustainable Real Estate »