Russian hackers bypass Gmail MFA using stolen app passwords
(www.bleepingcomputer.com)
I get that this is a social engineering angle, but would something like a YubiKey help prevent this?
I was scammed once out of my savings. It was one of those basic-ass credit card fraudulent transaction scams. Can't believe I've fallen for it. So I'm pretty suspicious of calls now.
In this case with app passwords it would not. App passwords are a feature to basically support less secure software and scenarios. The problem here is password reuse.
App passwords by design are limited to one auth method or source. Imagine a photocopier sending email. If you needed MFA for each copy and to change the password every 30-90 days, it would be a pain. So an app password is a longer, harder password only used for the one place. But people still use easy passwords that they use elsewhere.