Despite Google's attempts to reassure and downplay the issue, security researchers continue to warn of an exploit that uses an unauthenticated OAuth endpoint called “MultiLogin” to restore expired cookies and log in to user accounts. This vulnerability seems to be particularly popular among malware developers at the moment.
The company says it has “secured the compromised accounts” and that the API is working as intended. Affected update codes can be permanently disabled by manually logging out of the device. For the experts at BleepingComputer, this is not a convincing answer, as it is not possible to determine how many people have actually been affected by the vulnerability, and no protection has been created for future victims.