Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

nullpc · Jul 28, 2024

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security

Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature.

wtf google

Futureized · Jul 31, 2024

Glad I moved to zoho few years ago..
There crowdstrike outage also caused this issue -

https://www.forbes.com/sites/daveyw...asswords-vanish-for-15-million-windows-users/

roadrash99 · Jul 31, 2024

Reading the headline I thought the Trump shooter was also a master hacker lol.

nullpc · Jul 31, 2024

roadrash99 said:
Reading the headline I thought the Trump shooter was also a master hacker lol.

Thought the same when I first saw it on Hacker News lol.

Futureized said:
Glad I moved to zoho few years ago..
There crowdstrike outage also caused this issue -

https://www.forbes.com/sites/daveyw...asswords-vanish-for-15-million-windows-users/

Woah WTF. Synced passwords also?

Futureized · Aug 1, 2024

nullpc said:
Woah WTF. Synced passwords also?

IT was just an outage for 12+ hours, no information about leaks.
Storing passwords with any browsers (if sensitive) can be troubling, in fact any services too.

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

nullpc

Futureized

High-Frequency

roadrash99

nullpc

Futureized

High-Frequency