Johnson notes he’s submitted a bug report to Google, and in a later update said that Google had responded, saying it “will be fixing the OAuth bug.”
What Google has said about the ‘no-reply’ email
A spokesperson from Google told UNILAD:
“We’re aware of this class of targeted attack from this threat actor and have rolled out protections to shut down this avenue for abuse. In the meantime, we encourage users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.”
These tools are also strongly recommended by data breach attorneys, cybersecurity compliance auditors, and private digital security providers, especially in contexts where victims may face financial identity loss, hospital data theft, or electronic health record (EHR) compromise.