That is why the only sensible advice is this: regularly back up your Google account with Google Takeout. Anyone can fall for phishing or run a piece of malware, as Mateusz did, a man who has worked professionally in IT for years.
- The article describes the case of a user (Mateusz) whose Google account was hijacked after he ran malware (a stealer) sent from a compromised friend's Discord account.
- The malware stole the user's active session cookie, not his password. Because the cookie belongs to an already-authenticated session, replaying it let the attacker act as Mateusz without ever reaching the login page, so none of the login-time protections, including 2-Step Verification with a YubiKey, were ever triggered.
- Using this hijacked session, the attacker joined Mateusz's account to a "Family Group" (Google Family Link) under the attacker's control and, at the same time, changed the account's birth date to an age under 13.
- This immediately reclassified the account as a "child's account" with the attacker as the "parent/guardian", which locked Mateusz out and started a 14-day countdown to permanent deletion.
- Mateusz is now in a "digital Catch-22": standard account recovery forms do not work for "child accounts," and Google's support (including YouTube and Google Play) has been unhelpful, closing his tickets despite him having proof of ownership.
- The article criticizes Google for an "astounding oversight" in its business logic that allows an adult account's age to be so easily changed to a child's, creating a major vulnerability.
- As a result, Mateusz lost 13 years of data (Gmail, Drive, Contacts) and access to all his purchases on Google Play.
- The article concludes that since 2FA protects only the login step and does nothing against a stolen session, the only effective protection against the data loss from this specific attack is to regularly back up your Google account data using Google Takeout.
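The point about session cookies is worth seeing in code. The following is an added example, not code from the article or from Google: a toy in-memory account service in which login requires a password plus a TOTP code (real RFC 6238 arithmetic), but every later request is authorised by the session cookie alone, exactly the situation a stealer exploits. A second, hardened variant registers a per-device key at login and demands a fresh proof of possession on each request, so a copied cookie is useless without the device. The `Service` class, the `device_key` and the nonce-challenge scheme are constructed for illustration; real device binding uses an asymmetric key held in hardware, while this toy uses a symmetric key to stay within the standard library.

```python
"""Why a stolen session cookie defeats 2FA, and how device-binding the session helps.

Added example, not the article's code. Toy service, nothing is persisted.
The "device key" stands in for a hardware-bound key (e.g. TPM-resident) that a
stealer copying the browser's cookie database cannot exfiltrate.
"""
import hashlib
import hmac
import secrets
import struct
from typing import Optional


def totp(secret: bytes, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", timestamp // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def device_proof(device_key: bytes, cookie: str, nonce: bytes) -> str:
    """Proof of possession of the device key for one request (toy binding scheme)."""
    return hmac.new(device_key, cookie.encode() + nonce, hashlib.sha256).hexdigest()


class Service:
    """Toy account service: password + TOTP at login, cookie for every later request."""

    def __init__(self, password: str, totp_secret: bytes):
        self.pw_hash = hashlib.sha256(password.encode()).digest()
        self.totp_secret = totp_secret
        self.sessions = {}      # cookie -> device key registered at login (None = unbound)
        self.nonces = set()     # outstanding one-time challenges

    def login(self, password: str, code: str, now: int,
              device_key: Optional[bytes] = None) -> Optional[str]:
        """Both factors are checked here, and only here."""
        pw_ok = hmac.compare_digest(hashlib.sha256(password.encode()).digest(), self.pw_hash)
        if not pw_ok or not hmac.compare_digest(code, totp(self.totp_secret, now)):
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = device_key
        return cookie

    def challenge(self) -> bytes:
        """One-time nonce, so a captured proof cannot itself be replayed."""
        nonce = secrets.token_bytes(16)
        self.nonces.add(nonce)
        return nonce

    def request(self, cookie: str, nonce: Optional[bytes] = None,
                proof: Optional[str] = None) -> str:
        """An authenticated request. For an unbound session the cookie is the whole credential."""
        if cookie not in self.sessions:
            return "401 no session"
        device_key = self.sessions[cookie]
        if device_key is not None:
            # Bound session: the cookie alone is not enough; the request must carry a
            # fresh proof computed with the key that never left the device.
            if nonce not in self.nonces or proof is None:
                return "401 device proof missing"
            self.nonces.discard(nonce)
            if not hmac.compare_digest(proof, device_proof(device_key, cookie, nonce)):
                return "401 device proof invalid"
        return "200 inbox"


def run_scenario() -> dict:
    now = 1_700_000_000
    secret = b"12345678901234567890"          # constructed TOTP seed
    password = "correct horse battery staple"  # constructed password
    svc = Service(password, secret)
    good_code = totp(secret, now)
    wrong_code = str((int(good_code) + 1) % 10 ** 6).zfill(6)

    # 1. Unbound session, the situation in the article: the victim logs in with both factors.
    cookie = svc.login(password, good_code, now)
    # A stealer copies the cookie jar. The attacker never hits the login page,
    # so the second factor is never asked for.
    unbound_replay = svc.request(cookie)
    # Without the cookie, the password alone still fails at the login step.
    password_only = svc.login(password, wrong_code, now)

    # 2. Bound session: the browser registers a device key at login.
    device_key = secrets.token_bytes(32)        # stays on the victim's device
    bound = svc.login(password, good_code, now, device_key)
    nonce = svc.challenge()
    bound_legit = svc.request(bound, nonce, device_proof(device_key, bound, nonce))
    # The attacker holds the cookie and can fetch a challenge, but not the device key.
    nonce2 = svc.challenge()
    bound_replay = svc.request(bound, nonce2, device_proof(secrets.token_bytes(32), bound, nonce2))

    return {"unbound_replay": unbound_replay, "password_only": password_only,
            "bound_legit": bound_legit, "bound_replay": bound_replay}


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

The first half of `run_scenario` is Mateusz's case: the YubiKey is consulted exactly once, at login, and the cookie that login produces is all a stealer needs afterwards. The second half is the idea behind device-bound session proposals such as Chrome's Device Bound Session Credentials: the cookie is still stolen, but it no longer authorises anything on its own.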