Google Patches Gmail Hole Exploited by Hackers

Speaking of phishing attacks, it turns out Google has just patched a hole in its Gmail account verification (password reset) flow that could give an attacker who lured you onto a crafted link immediate access to all of your messages, your files on Drive, and even the history of all your web searches and browsing activity.

The flaw, discovered by security researcher Oren Hafif, started with a spoofed email that appeared to come from Google's head offices and told the recipient to change their password because of a breach on another computer. Little did users know, the theft took place while they were trying to reset their password through the fake site: the reset flow handed the account to the hackers before the victim had a chance to get back into their real account.

That hacker-controlled site then mounts a cross-site request forgery (CSRF) attack, by way of a cross-site scripting (XSS) flaw, that tricks Google into handing over the victim's login cookie.

“I want you to be honest and agree that if Google says that ‘you’ve confirmed ownership’ of your Google Account, and asks you to choose a new password, you will not do so? At least your auntie would!” Hafif said in a blog post explaining the attack.

By the time the account holder realizes they've been duped, it's already too late. Their credentials will have been changed, their information stolen, and any sensitive documents stored in their email lifted and analyzed for use at a later date.

To prevent this sort of thing from happening to you, always verify the URL of the page you are on (the scheme, the full hostname, and any redirect parameter carried in the link) before entering any sensitive information that might lead to Gmail being compromised. Bear in mind that in Hafif's attack the final page really was Google's, which is why an unexpected "reset your password" email should itself be treated as suspect: open your account directly rather than through the link in the message.
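The URL checks described above, written out as an added example that is not part of the original article or of Hafif's research. It assumes a small allowlist of Google hosts and a handful of redirect-style query parameter names (both constructed for illustration; real reset links and parameter names vary), and it rejects the tricks a phishing link typically leans on: a non-HTTPS scheme, a lookalike host such as accounts.google.com.evil.example, a userinfo trick such as accounts.google.com@evil.example, and a redirect parameter that sends the browser off-domain.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed allowlist for illustration (assumption, not from the article):
# hosts a genuine Google password-reset link is expected to point at.
TRUSTED_HOSTS = {"accounts.google.com", "myaccount.google.com"}
TRUSTED_SUFFIX = ".google.com"

# Hypothetical names of query parameters that carry a post-login destination.
# These are the parameters an open redirect would abuse.
REDIRECT_PARAMS = ("continue", "redirect", "url", "next")


def host_is_trusted(host):
    """True if host is exactly an allowlisted host or a subdomain of google.com."""
    host = (host or "").lower().rstrip(".")
    return host in TRUSTED_HOSTS or host.endswith(TRUSTED_SUFFIX)


def check_link(url):
    """Vet a link from a 'reset your password' email.

    Returns (verdict, reason) where verdict is "accept" or "reject".
    """
    parts = urlsplit(url.strip())

    # 1. Only HTTPS: a plain http:// link can be rewritten in transit.
    if parts.scheme != "https":
        return "reject", f"scheme is {parts.scheme!r}, not https"

    # 2. Userinfo trick: https://accounts.google.com@evil.example/ really
    #    goes to evil.example; the trusted-looking part is the username.
    if parts.username or parts.password:
        return "reject", "credentials in URL (userinfo trick)"

    # 3. The registrable host must be Google's. A suffix match on
    #    ".google.com" defeats accounts.google.com.evil.example, whose
    #    suffix is ".evil.example".
    host = parts.hostname or ""
    if not host_is_trusted(host):
        return "reject", f"host {host!r} is not a trusted Google host"

    # 4. Open-redirect check: a redirect-style parameter that points
    #    off-site would bounce the victim to an attacker page after the
    #    genuine Google page has been shown.
    qs = parse_qs(parts.query)
    for name in REDIRECT_PARAMS:
        for target in qs.get(name, []):
            target = unquote(target)  # also catch a double-encoded target
            if target.startswith("/") and not target.startswith("//"):
                continue  # a relative path stays on the same site
            tparts = urlsplit(target)
            if tparts.hostname and not host_is_trusted(tparts.hostname):
                return "reject", f"{name}= redirects off-site to {tparts.hostname!r}"

    return "accept", f"https link to {host}"


if __name__ == "__main__":
    # Constructed sample links, not taken from the article.
    for link in (
        "https://accounts.google.com/signin/recovery?continue=https://mail.google.com/",
        "http://accounts.google.com/signin/recovery",
        "https://accounts.google.com.evil.example/reset",
        "https://accounts.google.com@evil.example/reset",
        "https://accounts.google.com/signin?continue=//evil.example/reset",
    ):
        print(check_link(link), link)
```

The suffix check is the piece people most often get wrong: `"google.com" in host` accepts `google.com.evil.example`, whereas requiring the host to end with `.google.com` does not. A homograph or punycode lookalike (`xn--...`) simply fails the same host check, so no separate rule is needed for it.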