Security News > 2024 > July > Google Workspace Authentication Vulnerability Allowed Thousands of Accounts to be Exposed
Thousands of accounts have been exposed after hackers used existing emails to create Google Workspace accounts and bypassed the verification process.
One impacted user that shared their experience on a Google Cloud Community forum was notified by Google that someone had created a Workspace account with their email without verification and then used it to log into Dropbox.
A Google spokesperson told TechRepublic: "In late June, we swiftly resolved an account abuse issue impacting a small subset of email accounts. We are conducting a thorough analysis, but thus far have found no evidence of additional abuse in the Google ecosystem."
Anu Yamunan, director of abuse and safety protections at Google Workspace, told Krebs on Security that malicious activity began in late June and "a few thousand" unverified Workspace accounts were detected.
In its message sent to impacted emails, Google said it fixed the vulnerability within 72 hours of it being discovered and that it has since added "Additional detection" processes to ensure it cannot be repeated.
Impacted users have criticised the trial period that Google offers, saying those who try to open a Workspace account using an email address with a custom domain should not have any access until they verify their domain ownership.
News URL
https://www.techrepublic.com/article/google-workspace-vulnerability-accounts-exposed/
Related news
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data? (source)
- Outdated Google Workspace Sync blocks Windows 11 24H2 upgrades (source)