According to a 2023 analysis from security firm CloudSEK, there was allegedly an exploit in Google cookies that allowed hackers to access Google services even after users reset their passwords.
The malware utilizes third-party cookies to gain unauthorized access to users’ data, giving the hackers “continuous access” to Google accounts despite password resets.
This technique is already being tested by hacking groups, underscoring the complexity of modern cyber threats. While blocking cookies can prevent access, it also disables helpful features like staying logged into other accounts.
According to Google’s statement to The Independent, they routinely upgrade defenses against such techniques and secure compromised accounts.
However, CloudSEK recommends logging out completely on all devices and browsers before resetting passwords, as quick resets may not solve the issue for advanced malware.