告诉 HN:攻击者利用 Google 家长控制阻止帐户恢复
8 分•作者: TazeTSchnitzel•10 天前
我认识的人 Google 账号刚被盗了,但常规的恢复方法却失效了,原因很有意思:攻击者把这个账号变成了受攻击者控制的“家长”账号管辖下的“孩子”账号。显然,这阻止了使用任何 Google 账号恢复方法(备用电话号码或电子邮件地址等),而无需家长同意。
显然,我认识的这个人并非个例,如果你搜索一下,会发现其他人也报告了他们是这种攻击的受害者。当然,对于普通用户来说,Google 的支持是形同虚设的,所以实际上没有真正的补救措施。这应该算是一个关于考虑不周的“儿童安全功能”后果的警告吗?
查看原文
Someone I know just had their Google account compromised, but the normal recovery methods don't work for an interesting reason: the attacker has made the account into a "child" account subordinate to an attacker-controlled "parent" account. This apparently blocks the ability to use any of the Google account recovery methods (backup phone number or email address etc) without parental consent.<p>Apparently this person I know isn't alone, if you search you can find other people reporting they've been victims of this. And of course, Google support is nonexistent for ordinary users, so there's no real recourse. Let this be a warning about the consequences of ill-thought-out "child safety features"?