Google’s Two-factor Authentication System Appears To Be Compromised

According to a technology expert and a developer’s tweet, Chris Lacy shared his experience that expressed curiosity or the fear of being hacked by a Google account he barely uses. While he tried accessing his account for personal reasons, he observed the two-factor authentication security code that protects his login has been compromised.

While he attempted to log in, the authentication code popped up as a message — but it also included a directory ad link promoting VPN carrier. This appears to be alarming since phishing and malware have bypassed Google’s security system.

Chris remained discreet about disclosing the name of the carrier that spammed his security code. Still, Google’s Identity and Security senior director, Mark Risher, noted that the authentication text Chris received was not sent from Google. “These are not our ads and we are currently working with the wireless carrier to understand why this happened.”

Other Google officials made it worth noting that the default message app on Android devices — the particular device Chris used did not display a preview of the SMS which depicts it’s spammed. Using this spammed authenticator will only give the perpetrators access to bypass your secure login.

In line with 9to5Google’s consent, Google has reportedly used verified SMS to secure and authenticate login passcode — this is currently available in some countries while the exact method of hacking Google isn’t vividly possible. Likewise getting spammed SMS from two-factor authentication codes has happened for the first time in history.

While TechBooky’s tech expert suggests it is best to opt-out from a two-factor authentication code generator until RCS messaging goes viral for better end-to-end encryption. Just like Twitter has decided to use security keys to replace two-factor authentication, aiming to avoid possible interception.

Just like Twitter, Google has reportedly used in-house security keys for safe login rather than getting spammed. Still, it is advisable to opt-in for hardware keys, generators, hardware keys, or push notifications for login security instead of an SMS.