By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
RebruitRebruitRebruit
  • Latest
  • Finance
  • Technology
  • Security
  • Guides
Reading: How to Secure Your Gmail account in 2024, Google advice user
Font ResizerAa
RebruitRebruit
Font ResizerAa
Search
  • Latest
  • Finance
  • Technology
  • Security
  • Guides
Follow US
  • About
  • Our Standards
  • Contact
  • Privacy Policy
  • Cookie Policy
  • Terms of use
© 2025 REBRUIT | We don’t control content on external sites. Read more about how we handle external links

Home » How to Secure Your Gmail account in 2024, Google advice user

Guides

How to Secure Your Gmail account in 2024, Google advice user

January 6, 2024
Share
4 Min Read
Google
Image Credit: Google
SHARE

Gmail is the world’s most popular email platform and I give the credit to Android which indirectly forces new and old users to either create or sign in with their Google account before they can use any of the Google services on an Android device.

We are talking about Google Play, YouTube, Google Assistant, Google Bard, Google Photo, Adsense, Google Map, and many other Google services including Gmail. Simply put it this way, you can’t enjoy an Andriod phone without Google services, period.

Of course, there are maneuvers to get the apps you want by simply Sideloading them. But even at that, it still comes with a cost. By following this route to get an app installed, you put your device at risk of installing malicious apps.

Since sideloaded apps bypass the security measures put in place by Google, your device is exposed to a higher probability of getting malware or other dangerous software, not to mention the time it would take to get the app installed.

But if you do it right with Google, on Google Play, you save yourself a lot of trouble, and be rest assured that all apps installed with a single click are checked by Google to ensure they are safe for use.

There are 4 billion email users worldwide as of 2020 and a higher portion of this figure goes to Gmail with over 1.8 billion active users as of the same year. This puts Gmail at the forefront of attacks.

An intelligence analysis by CloudSEK researcher Pavan Karthick M, published on December 29, 2023, shared an alarming concern on a vulnerability they found with Google accounts.

From their observations, attackers are exploiting an undocumented authentication endpoint, primarily used for cross-services synchronization, to compromise Google accounts.

The attackers gain unauthorized access to users’ accounts by manipulating session cookies, eliminating the need for credentials, and providing direct entry into Gmail inboxes.

The exploit was first noticed on October 20 via a Russian-language Telegram channel and by November 14, it had been incorporated into malware by the Lumia criminal group and subsequently adopted by other organizations.

As of December 27, dark web activities demonstrate ongoing usage of this exploit against Google account session cookies. But unlike typical session cookie hijacks, this exploit distinguishes itself by restoring expired session cookies, allowing prolonged unauthorized access.

Changing your Google password does not prevent the attack, as the exploit facilitates continuous access to Google services even after a password reset. However, Google is not oblivious to the situation.

A company spokesperson has acknowledged the reports of a malware family stealing session tokens and has assured users that Google has routinely enhanced its defenses against such threats.

Contrary to some claims, Google states that stolen tokens and cookies can be invalidated by signing out of the affected browser or remotely revoking access through the user’s devices page. Google also recommends enabling Enhanced Safe Browsing in Chrome to fortify defenses against phishing and malware downloads.

With Google’s response to the threat, CloudSEK provides a comprehensive strategy for users to safeguard their accounts. If users suspect their accounts may have been compromised, or as a precaution, CloudSEK advises signing out of all browser profiles to invalidate current session tokens.

Following these actions, users should reset their passwords and sign back in to generate new tokens. Resetting the password disrupts unauthorized access by rendering the old tokens ineffective, thereby creating a crucial barrier against the exploit’s continuation.

Share This Article
Facebook Whatsapp Whatsapp Bluesky Copy Link
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

Block
Square’s Bitcoin Payment Pilot: Bringing Crypto to Everyday Retail
Finance
METAMASK
MetaMask Embraces Solana: A New Era for Multi-Chain Wallets
Finance
Read Smarter, Not Harder
Read Smarter, Not Harder: These Apps Will Help You Read More Anywhere
Guides
Samsung-One-UI-8
15+ New Features Coming to One UI 8
Latest
samsung
Don Belle Boost Samsung Galaxy A-Series Buzz
Latest

You Might Also Like

Paypal
Guides

Why Every PayPal User Needs to Be Extra Careful Right Now

April 29, 2025
Galaxy S25 Ultra
Guides

Get Free Samsung Galaxy Buds3 Pro with Galaxy S25 – Here’s How to Qualify and Claim

April 26, 2025
LemFi
Guides

How to Delete a Beneficiary on LemFi

April 26, 2025
rukoTV
Guides

YouTube TV App Disappears on Some Roku Devices: What to Know and How to Fix It

April 24, 2025
oneUI 7
Guides

Will I Ever Trust Samsung With 7 Years of Updates? Probably Not!

April 24, 2025
Temu
Guides

The Ultimate Temu Shopping Guide of 2024 and Beyond

April 22, 2025
FreePods Pro+
Guides

Oraimo FreePods Pro+ Review: Is the Upgrade Worth It?

April 24, 2025
How to Apply for the 2024 MTN Scholarship in Nigeria
Guides

How to Apply for the 2024 MTN Scholarship in Nigeria

April 24, 2025
Follow US
© 2025 REBRUIT | We don’t control content on external sites. Read more about how we handle external links
  • About
  • Our Standards
  • Contact
  • Privacy Policy
  • Cookie Policy
  • Terms of use
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?