A recent security vulnerability in Google Workspace’s email verification process has been exploited, potentially exposing thousands of user accounts to unauthorized access.
Security experts have cautioned about a significant vulnerability, which allowed hackers to impersonate businesses and gain unauthorized access to third-party services using Google Workspace’s ‘Sign in with Google’ feature. Reports indicate that the vulnerability has been exploited over the past few weeks, impacting several thousand accounts. Some users have reported being affected by similar attacks since early June 2024, suggesting that the vulnerability may have been exploited for a longer duration than initially acknowledged.
The attacker exploited the vulnerability by bypassing the email verification step during the Google Workspace account sign-up process and then gained access to third-party services using the compromised account.
Google reportedly patched the vulnerability within 72 hours of its discovery and implemented additional security measures. This incident underscores the persistent security risks on online platforms, particularly when using single sign-on features.
To minimize the risk, users are advised to regularly update their passwords, enable two-factor authentication, and exercise caution when handling suspicious emails or login requests.