Google's two-factor glitch ends in 4chan attack

posted on June 5, 2012
by l33tdawg

A flaw in Google's account-recovery process has resulted in CloudFlare CEO Matthew Prince losing control of his Google Apps for Business account, despite it being protected with two-factor authentication.

CloudFlare has been the unfortunate victim of an attack that used social engineering, which compromised two highly protected email accounts. It was ultimately directed at popular internet forum 4chan, for which CloudFlare acts as a host. In a blog post, Prince said that the attack on his company and himself may have begun in mid-May — he received an account-recovery request for his personal Gmail account then, even though he had not started the recovery process himself.

Prince was using a 20+ character, highly randomised password; however, the hackers were able to bypass it by asking Google for an account reset. One option for recovering an account is to have Google send a confirmation code to the phone number associated with the account, and where SMS is not available, it sends the code as a voice call. Prince believes that the hackers began the recovery process and intercepted the confirmation code by socially engineering US telco AT&T's support staff to gain access to his voicemail, where the code would have ended up.
