Google denies it: no major Gmail security vulnerability
Reports of a far-reaching Gmail security warning are false, Google writes. The likely origin of the reports is the Salesloft Drift incident.
(Image: Diego Thomazini/Shutterstock.com)
Reports have recently been doing the rounds that 2.5 billion Gmail accounts are at risk, and Google now feels compelled to comment. In an unusual response, the company stresses that its protection mechanisms are "strong and effective".
Google made the statement on Monday in its Workspace blog. "Gmail's protections are strong and effective, and the claims about a major Gmail security warning are false," the post is headlined, and it goes on to explain that "several inaccurate claims have recently surfaced that we have issued a broad warning to all Gmail users about a major Gmail security issue". This, Google says, is entirely false.
Tracing the source
"Although phishers are always investigating how to access inboxes, our protections continue to block more than 99.9 percent of phishing and malware attempts from reaching users," Google continued.
There is, however, a connection between the reports and compromised OAuth tokens from the AI chatbot platform Salesloft Drift. Google's Threat Intelligence Group (GTIG) updated its investigation of that incident over the weekend.
The GTIG researchers found that OAuth tokens from the "Salesloft Drift Email" integration were also abused by criminal groups to read email in Google Workspace accounts, meaning any Workspace account that used the Salesloft Drift integration was exposed. Google notified the admins of all affected Google Workspaces, and this coincides in timing and subject with the reports Google now calls erroneous.
The Salesloft Drift problem extends further and affects providers other than Google. The IT security company Zscaler uses Salesloft's AI chatbots, and, as Zscaler has now disclosed, criminals used compromised access tokens to get into Zscaler's Salesforce instances and view customer data. The data includes names, business email addresses, job titles, phone numbers, location information, details of licensed Zscaler products and commercial information, as well as plain-text content of certain support cases, though without attachments, files and images.
Google closes by advising users to adopt passkeys, the password alternative, for additional protection and to follow its instructions for "avoiding phishing emails". That is sound advice in principle. Google does not, however, explain how it would prevent the abuse of OAuth tokens that a third-party provider has failed to protect properly.
(dmk)