FBI Warns Gmail, Outlook, AOL, and Yahoo Users of New Account Vulnerability


The FBI warns Gmail, Outlook, AOL, and Yahoo users that hackers can now bypass multifactor authentication (MFA) by stealing session cookies from “remember me” logins. Cybercriminals use malware from phishing sites to capture these cookies, giving them access to accounts without needing usernames, passwords, or MFA. While tech companies work on solutions to counter this, the FBI advises users to clear cookies regularly, avoid “remember me” on shared devices, check login histories, and stay cautious online. Emerging passkeys may provide added security against these evolving threats.


The FBI recently warned that cybercriminals can now bypass multifactor authentication (MFA) to access email accounts on major providers, including Gmail, Outlook, Yahoo, and AOL.

How Hackers Exploit Cookie Theft

Hackers are leveraging cookie theft to gain unauthorized access. Specifically, they target “remember me” session cookies, often created when users select “Remember this device” during login. This type of attack begins when users visit malicious sites or click on phishing links, leading to malware installation on their devices. Once infected, hackers can capture session cookies, enabling them to bypass usernames, passwords, and even MFA.

Broader Account Vulnerabilities

The FBI warns that this method not only affects email providers but also extends to shopping and financial accounts. While some financial platforms include added security measures, many other accounts remain susceptible.

Combatting Cookie Theft

Tech companies like Google are working on security upgrades to link cookies to specific devices, making stolen cookies less useful. However, the FBI stresses that cookie theft is still a significant risk.

To protect yourself, the FBI recommends:

– Clearing cookies from your browser regularly.
– Avoiding “Remember me” options on shared or public devices.
– Staying cautious with links and visiting secure sites (HTTPS).
– Frequently checking your account’s login history for any unfamiliar activity.

While MFA remains important, passkeys—digital keys tied to specific devices and often using biometrics—are emerging as a secure alternative as cyber threats continue to evolve.

Stay Updated!
Join our WhatsApp Channel for the latest updates, exclusive content, and more! Click the link below to join now:
👉 Join Our WhatsApp Channel

Leave a Reply

Your email address will not be published. Required fields are marked *