Hackers can access a Gmail account without a password, experts say. Security researchers have discovered a flaw in Gmail that allows hackers to access people's Gmail accounts without a password.
An analysis by a security company (Cloud SE) has found that a dangerous type of malware can use third-party cookies to gain illegal access to people's private data. And hacking groups have already tried it.
The flaw was first disclosed by a hacker on the messaging platform Telegram in October 2023.
The post explained how accounts could be accessed by exploiting vulnerabilities associated with cookies (which websites and browsers use to track users to improve their performance).
Google authentication cookies allow users to access their accounts without repeatedly entering their login details. Notwithstanding, programmers have figured out how to get these treats to sidestep the two-factor confirmation step.
It should be noted that the world's most popular web browser, Google Chrome, is currently cracking down on third-party cookies.
In a statement, Google said the company routinely upgrades its defenses against such techniques to protect users from becoming targets of malware. Google has taken steps to protect any suspicious accounts it has flagged.