Google email verification bypassed to breach Workspace accounts


Google has confirmed that its email verification system was bypassed. In other words, malicious actors were able to circumvent a security control that is supposed to prove ownership of an email address.

Google acknowledges email verification bypassed

Google has a simple yet highly robust and reliable email verification system that confirms ownership of an email address. However, threat actors were able to bypass this step and fraudulently associate accounts they controlled with legitimate email addresses and domains they did not own.

The bypass allowed attackers to create Google Workspace accounts tied to email addresses they did not control. Those accounts could then be used to access third-party services without any involvement of the actual owner of the email address.

Google acknowledged the exploit in a statement reported by KrebsOnSecurity:

“In the last few weeks, we identified a small-scale abuse campaign whereby bad actors circumvented the email verification step in our account creation flow for Email Verified (EV) Google Workspace accounts using a specially constructed request. These EV users could then be used to gain access to third-party applications using ‘Sign In with Google’.”

Anu Yamunan, director of abuse and safety protections at Google Workspace, indicated that the malicious activity began last month. Although an exact figure may never be published, according to Yamunan, “a few thousand” Workspace accounts were created without being domain-verified.

How do you stay protected from the latest security threat?

Google not only acknowledged the security threat but also closed the exploit within 72 hours of its discovery. The search giant says it has deployed additional detection protocols to shield users from such authentication bypass techniques.

This means internet users who rely on email verification need not panic. Even so, it would be wise to exercise caution for the next few weeks: pay attention to emails that confirm subscriptions, logins, or purchases you do not recognize.

One of the victims reportedly said that malicious actors created an unauthorized Workspace account, associated the victim's legitimate domain with it, and then attempted to sign in to third-party services linked to that domain.

Over the next few days, internet users may receive legitimate emails from authentic service providers informing them of purchases or logins from unrecognized or suspicious locations. It would be prudent to check for possible unauthorized access and change passwords where necessary.

2024-07-29 15:07:23