Google Cloud Platform (GCP) A major flaw has been reported. Due to this zero-day flaw in Google’s cloud service, users’ accounts and their data were accessed. Cyber expert team has detected this problem in Google’s cloud service. Because of this, hackers had access to all Google services including Google users’ Gmail, Google Drive, Google Docs, Google Photos.
Experts of Astrix Sexurity have detected this problem in Google’s services. According to experts, due to this flaw or bad actor, Google Cloud Platform app was created, and it started advertising through Google Marketplace or third party providers. If a user authorizes a Google Account by installing the Google Cloud app on their device, it gets linked in the OAuth token, through which cyber criminals get access to the user’s Google Account.
Data theft through Ghost Token
This threat actor makes the app invisible and removes it from Google’s app management page. The researchers noted that the App Management page is the only place Google users can view and revoke access to their apps. Due to this flaw, the affected apps were not able to be removed from the Google account.
Through this, hackers can generate a new token to access the user’s account and retrieve the account’s data. Because of this, the identity of the user can be stolen. Researchers have named this token as Ghost Token. This flaw in Google Services was discovered last year, which has been fixed in April this year. However, Google has now removed this loophole.
&version;