告诉HN:攻击者利用谷歌家长控制功能阻止账户恢复
我认识的一个人刚刚遭遇了他们的谷歌账户被盗的情况,但正常的恢复方法由于一个有趣的原因无法使用:攻击者将该账户变成了一个“子账户”,并使其隶属于一个由攻击者控制的“父账户”。这显然阻止了在没有父母同意的情况下使用任何谷歌账户恢复方法(如备用电话号码或电子邮件地址等)。
显然,我认识的这个人并不是唯一的,如果你搜索一下,可以发现其他人也报告他们成为了这种情况的受害者。当然,对于普通用户来说,谷歌的支持几乎不存在,因此没有真正的补救措施。这是否应该成为一个关于不成熟的“儿童安全功能”后果的警示呢?
查看原文
Someone I know just had their Google account compromised, but the normal recovery methods don't work for an interesting reason: the attacker has made the account into a "child" account subordinate to an attacker-controlled "parent" account. This apparently blocks the ability to use any of the Google account recovery methods (backup phone number or email address etc) without parental consent.<p>Apparently this person I know isn't alone, if you search you can find other people reporting they've been victims of this. And of course, Google support is nonexistent for ordinary users, so there's no real recourse. Let this be a warning about the consequences of ill-thought-out "child safety features"?