| ▲ | throwaway7783 5 days ago | |||||||
I didn't quite understand this part. Attacked has access to Google accounts because Google had cloud-synced my codes? What does that mean? | ||||||||
| ▲ | riffraff 5 days ago | parent | next [-] | |||||||
The other way around. The attacker had access to the Google account which includes passwords from Chrome and also the 2fa codes stored in Google Authenticator, because those were synced to Google without the author noticing it. So with passwords and 2fa the attacker could login to Coinbase too. | ||||||||
| ▲ | remus 5 days ago | parent | prev [-] | |||||||
They gained access to the Google account by stealing the verification code over the phone, but then they had easy access to other accounts (e.g. coinbase) because they had access to 2FA codes because Google authenticator was backed up to the users Google account. | ||||||||
| ||||||||