According to a technology expert and a developer’s tweet, Chris Lacy shared his experience that expressed curiosity or the fear of being hacked by a Google account he barely uses. While he tried accessing his account for personal reasons, he observed the two-factor authentication security code that protects his login has been compromised.
While he attempted to log in, the authentication code popped up as a message — but it also included a directory ad link promoting VPN carrier. This appears to be alarming since phishing and malware have bypassed Google’s security system.
Chris remained discreet about disclosing the name of the carrier that spammed his security code. Still, Google’s Identity and Security senior director, Mark Risher, noted that the authentication text Chris received was not sent from Google. “These are not our ads and we are currently working with the wireless carrier to understand why this happened.”
Other Google officials made it worth noting that the default message app on Android devices — the particular device Chris used did not display a preview of the SMS which depicts it’s spammed. Using this spammed authenticator will only give the perpetrators access to bypass your secure login.
In line with 9to5Google’s consent, Google has reportedly used verified SMS to secure and authenticate login passcode — this is currently available in some countries while the exact method of hacking Google isn’t vividly possible. Likewise getting spammed SMS from two-factor authentication codes has happened for the first time in history.
While TechBooky’s tech expert suggests it is best to opt-out from a two-factor authentication code generator until RCS messaging goes viral for better end-to-end encryption. Just like Twitter has decided to use security keys to replace two-factor authentication, aiming to avoid possible interception.
Just like Twitter, Google has reportedly used in-house security keys for safe login rather than getting spammed. Still, it is advisable to opt-in for hardware keys, generators, hardware keys, or push notifications for login security instead of an SMS.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
