How Gmail ID Can Be Hacked Despite Having Google’s Two-Factor Authentication On

The Two-factor authentication is believed to prevent Gmail accounts from getting hacked.

But what happened with indie developer Grant Blakeman shows how two-factor authentication can be beaten to takeover a Gmail account.

Writing on the newly emerging social media site Ello, Blackman revealed how hackers hacked his Instagram account through his Gmail account. Despite the fact he was using two-factor authentication, the hackers were able to reset his Gmail password without any meaningful obstacles or security issue.

READ MORE: Researchers show how to hack Gmail with 92% success rate

So what actually happened?

Blackman woke up to a text on Saturday morning which was only about twenty minutes old.“Google Account password changed” it read. He tried to login in to his Gmail account but all in vain. Regardless of what he tried, Blackman couldn’t get in to his own Gmail account. He then tweeted about the hack where he was lucky enough to receive a response from Wired’s staff writer Mat Honan, who told Blackman to check with his cell phone provider and make sure that call-forwarding had not been enabled on his number without his knowledge.

''I called, and sure enough, as of Saturday morning my number had been forwarded to a number I did not recognize. Unreal. So, as far I can tell, the attack actually started with my cell phone provider, which somehow allowed some level of access or social engineering into my Google account, which then allowed the hackers to receive a password reset email from Instagram, giving them control of the account,'' according to Blackman.

The post went viral and appeared on Hacker News. One of the commenter going with the handle of jasonisalive said that:

''I work for a service providing company and service reps receive commission based on their client satisfaction, and because of it there's a constant tension between providing a good customer experience and protecting security and privacy. This means going by the book, keeping privacy standards high and just think about client satisfaction and provide them with what they need.'' 

Grant Blakeman was lucky to get a reply from Wired’s staff writer Mat Honan who helped him to restore all his accounts, but there many users getting hacked everyday without further knowledge of what to do next or how to restore their accounts.

READ MORE: Login with Google’ New USB Device and Keep Your Gmail Secure

This incident shows that two-factor authentication is not the solution for keeping your account secure. Just like we always say ‘‘Security in a Myth”.