Security Threats: Malware Exploits Google Login Flaw and 23andMe Data Breach

With the start of another new year, there are already several security threats you should be aware of, along with some everyday reminders for data protection. At the beginning of the year there is typically an increase in phishing scams as people wait on multiple tax forms and information coming from dozens of places so they can report their taxes.

This post discusses two recent security threats: malware that takes advantage of a flaw in Google's authentication, and a data breach that hit 23andMe.

Google OAuth

A recent security flaw in Google OAuth involves session cookies, which contain authentication information so users do not have to constantly log into accounts. As their name suggests, session cookies are meant to last for a limited time or "session". The purpose of the limited lifespan is to prevent unauthorized access if a user's credentials are exposed.

The vulnerability allows cybercriminals to gain unauthorized access to Google accounts by reviving expired session cookies, so that they can be used as if they had never expired.

Specifically, cybercriminals are exploiting a Google OAuth endpoint called "MultiLogin". The purpose of "MultiLogin" is to synchronize accounts across different services. While this can be a helpful feature, many users will agree that this threat poses a risk greater than the benefit the feature provides.

What you can do: Log into your Google account and check to see what devices have open sessions. Google has responded by stating that the session cookies being used can be revoked by the user. This is possible by signing out of the affected browser or revoking the session in the user's devices page. Remove any sessions you do not recognize.

The takeaway: This is a serious vulnerability. Beyond simply logging out of an infected browser, there are additional steps you can take if you suspect that your Google account has been compromised. Reset the affected browser to its original state and remove all saved credentials for Google accounts, as well as any other accounts using the same credentials.

NOTE: Reusing credentials is not recommended for reasons just like this.

Use this link for more about the Google OAuth vulnerability.

23andMe breach

23andMe, the genetic testing company that many people have submitted personally identifiable information (PII) to, suffered a data breach in October. This breach was a multi-faceted attack. While the original breach occurred using users' previously compromised (and reused) credentials, once the cybercriminals gained access they were able to take advantage of a 23andMe feature. This feature allowed them to gain access to about seven million user accounts.

What you can do: After the breach, 23andMe asked all users to update their passwords and add multi-factor authentication (MFA). Additionally, 23andMe is requiring MFA for all new users. If you have other accounts that use the same credentials, you will want to change the passwords on those accounts right away. Additionally, setting up MFA on all accounts is advised.

The takeaway: It is never a good idea to reuse credentials, and this breach is a good example of why. Even so, if users had MFA enabled, their previously exposed account credentials should not have been enough to gain access to their 23andMe accounts.

Use this link for more about the 23andMe breach.

Every day new security vulnerabilities are found, threats are created, and breaches happen. The most important things you can do to protect your data security are to be diligent about where you create user accounts, use different credentials for each account, set up MFA on all accounts, never accept an MFA request if you did not initiate it, and use caution when clicking on links or opening suspicious emails. For now, it might make sense to log into your Google account and check the current sessions and change any credentials that match those you used with a 23andMe account.

As always, the best protection is creating unique and unexpected passwords!