Google – “There has been a change to your account” notification plagues Android users
It seems that Google has recently pushed out an update that has affected EVERYONE with a Gmail account and an Android smartphone.
The notifications come from an update that aims to make 2-step authentication more secure for users. Instead, it seems to have scared a very large number of Google users, who think the notification indicates that their account has been compromised. There have been multiple reports of users receiving this notification, myself included. It seems to enable a new feature on your Google account and Android smartphone that uses a notification on your phone, rather than a text message or voice call, for 2-step authentication.
2-step authentication over text message or voice call has been proven to be an insecure technology, as hackers are able to use social engineering to hijack your cell phone number.
Social engineering is the process of gathering enough information about a user to pretend to be that user. It can trick your average customer service representative into making fundamental changes to your account, such as changing your cell phone number or email address, or even activating a new SIM card. The perpetrator can then hijack your Gmail account through 2-step authentication using the modified information or a fake SIM card, as your texts and calls will now be redirected to his/her cell phone.
The new process sends a notification directly to your smartphone rather than sending a text message, as the cell phone number can easily be hijacked by the process mentioned above. The new system seems to rely on the devices your account is currently logged in on, which you can view from your Google account dashboard and which will look similar to the picture below.
This notification on your cell phone should scare you, and should prompt you to at least take a step towards securing your account. Now would be the perfect time to switch to a service such as LastPass to secure all of your accounts with passwords that are hard to brute force.
LastPass is a service that allows you to have many secure passwords for all of your accounts while letting you remember ONLY ONE password, which you hopefully make sure is secure. If you get your LastPass account compromised, you are sure to lose access to ALL of your accounts. PLEASE make sure you use a secure password including capital letters, special characters, numbers and symbols if you choose to use a single password service such as LastPass.
If you do not use a service such as LastPass, you can simply log back in using your normal Gmail address and password and be assured that your account is not compromised; you are simply part of the bug that has affected everyone on a global scale due to a simple Google security update.