Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature.
“In the last few weeks, we identified a small-scale abuse campaign whereby bad actors circumvented the email verification step in our account creation flow for Email Verified (EV) Google Workspace accounts using a specially constructed request,” the notice from Google read. “These EV users could then be used to gain access to third-party applications using ‘Sign In with Google’.”..
On July 12, a number of domains tied to cryptocurrency businesses were hijacked from Squarespace users who hadn’t yet set up their Squarespace accounts. Squarespace has since published a statement blaming the domain hijacks on “a weakness related to OAuth logins”, which Squarespace said it fixed within hours…
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts
- This topic has 0 replies, 1 voice, and was last updated 10 months, 1 week ago.
Author
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Set default size for pasted photo to word
by 2 hours, 54 minutes ago
-
Dedoimedo tries 24H2…
by 1 hour, 1 minute ago
-
Windows 11 Insider Preview build 27871 released to Canary
by 1 day, 1 hour ago
-
Windows 11 ad from Campaign Manager in Windows 10
by 23 hours, 12 minutes ago
-
Small desktops
by 1 hour, 4 minutes ago
-
Totally disable Bitlocker
by 1 day ago
-
Phishers extract Millions from HMRC accounts..
by 23 hours, 29 minutes ago
-
Windows 10 22H2 Update today (5 June) says up-to-date but last was 2025-04
by 2 days, 5 hours ago
-
Thoughts on Malwarebytes Scam Guard for Mobile?
by 34 minutes ago
-
Mystical Desktop
by 2 days, 9 hours ago
-
Meta and Yandex secretly tracked billions of Android users
by 1 day, 14 hours ago
-
MS-DEFCON 2: Do you need that update?
by 6 hours, 22 minutes ago
-
CD/DVD drive is no longer recognized
by 3 days ago
-
Windows 11 24H2 Default Apps stuck on Edge and Adobe Photoshop
by 3 days, 3 hours ago
-
North Face and Cartier customer data stolen in cyber attacks
by 3 days, 1 hour ago
-
What is wrong with simple approach?
by 23 hours, 19 minutes ago
-
Microsoft-Backed Builder.ai Set for Bankruptcy After Cash Seized
by 3 days, 12 hours ago
-
Location, location, location
by 2 days, 3 hours ago
-
Cannot get a task to run a restore point
by 3 days, 14 hours ago
-
Frustrating search behavior with Outlook
by 3 days, 4 hours ago
-
June 2025 Office non-Security Updates
by 4 days ago
-
Secure Boot Update Fails after KB5058405 Installed
by 2 days, 3 hours ago
-
Firefox Red Panda Fun Stuff
by 4 days ago
-
How start headers and page numbers on page 3?
by 4 days, 11 hours ago
-
Attack on LexisNexis Risk Solutions exposes data on 300k +
by 3 days, 13 hours ago
-
Windows 11 Insider Preview build 26200.5622 released to DEV
by 4 days, 19 hours ago
-
Windows 11 Insider Preview build 26120.4230 (24H2) released to BETA
by 4 days, 19 hours ago
-
MS Excel 2019 Now Prompts to Back Up With OneDrive
by 4 days, 9 hours ago
-
Firefox 139
by 4 days, 2 hours ago
-
Who knows what?
by 3 days, 4 hours ago
Remembering Woody
