Gmail Can Be Hacked Despite Having Google’s Two-Factor Authentication

Gmail can be hacked despite having Google’s Two-Factor Authentication,but it was made to prevent the account from being hacked.Indie developer Grant Blakeman shows how two-factor authentication can be beaten to takeover a Gmail account.

Writing on the newly emerging social media site Ello, Blackman revealed how hackers hacked his Instagram account through his Gmail account. Despite the fact he was using two-factor authentication, the hackers were able to reset his Gmail password without any meaningful obstacles or security issue.

Blackman woke up to a text on Saturday morning which was only about twenty minutes old. “Google Account password changed” it read. He tried to login in to his Gmail account but all in vain. Regardless of what he tried, Blackman couldn’t get in to his own Gmail account. He then tweeted about the hack where he was lucky enough to receive a response from Wired’s staff writer Mat Honan, who told Blackman to check with his cell phone provider and make sure that call-forwarding had not been enabled on his number without his knowledge.

”I called, and sure enough, as of Saturday morning my number had been forwarded to a number I did not recognize. Unreal. So, as far I can tell, the attack actually started with my cell phone provider, which somehow allowed some level of access or social engineering into my Google account, which then allowed the hackers to receive a password reset email from Instagram, giving them control of the account,” according to Blackman.

”I work for a service providing company and service reps receive commission based on their client satisfaction, and because of it there’s a constant tension between providing a good customer experience and protecting security and privacy. This means going by the book, keeping privacy standards high and just think about client satisfaction and provide them with what they need.”

 

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA