The FBI has alerted millions of Gmail users to a new cyber threat that lets hackers steal accounts by exploiting session cookies, even bypassing the platform’s two-factor authentication (2FA) system.
According to cybersecurity experts, the attack begins when users click on fraudulent links or access infected websites. Once inside, the malware steals session cookies, the small files that keep you logged in to accounts. This allows hackers to replicate valid login sessions and access Gmail, social media, and even online banking without knowing your password or 2FA code.
The FBI says cookie theft has become one of the most dangerous and overlooked forms of attack, because it gives intruders complete access to online services while they appear to be legitimate users.
To defend against this growing threat, the FBI urges users to delete browser cookies regularly, avoid ticking “Remember this device,” ensure they visit only HTTPS-secured websites, and monitor Gmail’s login history for suspicious activity.
Google confirmed it is aware of the problem and is developing enhanced cookie protection systems, warning that session data will remain a key target for cybercriminals in the years ahead.
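The advice to monitor login history can be turned into an automated check. The Python example below is an added illustration, not code from the FBI alert or from Google: it flags a session cookie that turns up in a browser or on a network where no password-plus-2FA login took place, which is what a replayed cookie looks like in an access log. The event format, field names and function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events, not real logs. "login" means password + 2FA was
# completed; "request" is a later request that presents the session cookie.
EVENTS = [
    {"ts": "2025-01-10T08:00:01Z", "type": "login", "session": "s-1001",
     "ip": "198.51.100.7", "ua": "Chrome/131 Windows"},
    {"ts": "2025-01-10T08:05:12Z", "type": "request", "session": "s-1001",
     "ip": "198.51.100.7", "ua": "Chrome/131 Windows"},
    {"ts": "2025-01-10T09:40:33Z", "type": "request", "session": "s-1001",
     "ip": "203.0.113.50", "ua": "Firefox/128 Linux"},
    {"ts": "2025-01-10T10:00:00Z", "type": "login", "session": "s-1002",
     "ip": "192.0.2.10", "ua": "Safari/17 iPhone"},
    {"ts": "2025-01-10T10:30:00Z", "type": "request", "session": "s-1002",
     "ip": "192.0.2.77", "ua": "Safari/17 iPhone"},
]

def find_replayed_sessions(events):
    """Flag requests whose session cookie appears in a client context that
    never completed a login for that session (hypothetical helper)."""
    seen_ips = defaultdict(set)   # session id -> IPs that authenticated
    seen_uas = defaultdict(set)   # session id -> user agents that authenticated
    findings = []
    # Timestamps share one ISO 8601 UTC format, so string order is time order.
    for ev in sorted(events, key=lambda e: e["ts"]):
        sid = ev["session"]
        if ev["type"] == "login":
            seen_ips[sid].add(ev["ip"])
            seen_uas[sid].add(ev["ua"])
            continue
        if ev["ua"] not in seen_uas[sid]:
            # Same cookie, different browser/OS: no 2FA login happened here.
            severity = "high"
        elif ev["ip"] not in seen_ips[sid]:
            # Same browser, new network: often roaming, so only ask for review.
            severity = "review"
        else:
            continue
        findings.append((sid, ev["ts"], ev["ip"], severity))
    return findings

if __name__ == "__main__":
    for finding in find_replayed_sessions(EVENTS):
        print(finding)
```

A "high" finding is a reason to end the session and require a fresh login; a "review" finding on its own is common for users who change networks.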




