2.5 billion Gmail and Google Cloud compromise accounts: you are the target of pirates, how to protect yourself?

Gmail

Gmail is Google’s free electronic email service. Users with an Android device have an automatically Gmail messaging that serves as a Google-Android account.

• License:
  Free license
• Author :
  Google
• Operating systems:
  Online service, Android, iOS iPhone / iPad
• Categories:
  Internet, communication

The first effects are felt since on Redditpeople explain that they have received telephone calls from people who present themselves as Google employees speaking of a security violation on their account.

The first attacks are already felt

The pirates then try to get their hands on the Gmail accounts with false “Account resets” Then to intercept the passwords and definitively lock access to the owner. Obviously, nothing indicates that these calls have a link with data leak, but impossible not to think about it.

Another attack exploits “Dangling Buckets”obsolete access addresses from Google Cloud. These flaws allow hackers to steal data and inject malware into cloud systems. In short, these two methods are a huge danger, both for businesses and for individuals.

Google has confirmed intrusion and specifies that compromise data concerns general information such as customer names and businesses. Passwords would not have been exposed, but this information allows hackers to carry out very targeted phishing attacks against users.

To protect itself, Google recommends three essential measures:

• First, use Google’s Security Checkup that automatically identifies safety vulnerabilities and offers personalized recommendations.
• Then, activate the Google advanced protection program to create an additional safety barrier that blocks potentially dangerous file download and limits third -party applications to Gmail data.
• Finally, favor access keys (“Passkeys”) Instead of passwords for better protection against hacking and phishing.

Obviously, the best advice remains to be vigilant, especially if someone pretending to be Google’s support calls you.

The Mountain View firm also recalls an essential rule: its employees never contact the user by phone or email to reset a password or make changes to the account.