The hijacking of the YouTube channels of Andrea Galeazzi, one of the best-known technology reviewers in Italy with 1.4 million subscribers on Google’s video platform, is causing a sensation. Cybercriminals effectively turned the 52-year-old Milanese YouTuber’s channels into “showcases” for cryptocurrency-related scams, not through an attack that cracked a weak password, but with a well-studied maneuver that exploited weaknesses intrinsic to the authorization protocols we use every day. In Galeazzi’s case, the attackers combined social engineering with artificial intelligence. They also abused the OAuth system to bypass two-factor authentication, a barrier that is always advisable to activate but which, alone, is not enough to make an account inviolable. Let’s see, therefore, how a Google account can be hacked and, above all, how to defend yourself.

How a 2FA protected Google account can be hacked

The theft of Andrea Galeazzi’s Google account is the result of a targeted attack, carefully studied by the cybercriminals who perpetrated it. Galeazzi himself confirmed that he had lost access to his Google account and all connected services, even though two-factor authentication (2FA) was active. But how can a Google account protected by 2FA be hacked? Through the abuse of OAuth authorization mechanisms via targeted phishing, which lets attackers bypass traditional defenses with a bait tailored to the potential victim. The attackers, posing as a microphone brand with which the tech YouTuber had already collaborated in the past, exploited real information (such as community complaints about the audio quality of some videos) to make the bait message as credible as possible.

It is precisely here that artificial intelligence plays a crucial role: today AI can analyze enormous quantities of public data to build psychological and narrative profiles of victims, making phishing emails almost indistinguishable from legitimate communications and drastically lowering the guard of even the most experienced users. Everything we publish on social media (posts, comments, stories, etc.), if harvested by the AI used by cybercriminals, can help them construct tailor-made messages with which to try to deceive us. And you can well understand that, if an email talks about facts and situations that directly involve us, it can significantly lower our attention threshold and push us to make that extra “click” that costs us access to our online data.

The most insidious technical aspect of this breach lies in the abuse of the OAuth protocol. To put it as simply as possible, this is a standard that allows an online service or app to be authorized to access another service without disclosing private information (such as the password). You know when, on accessing a service, messages like “Sign in with Google?” or “Allow this app to access your account?” appear? Well, that’s the signal that the OAuth protocol is being used. Everything happens through the issuing of an access token by an authorization server to a third-party client, and requires approval from the user, who is the owner of the resource being accessed.

When we use our Google account to access third-party services by clicking on “Continue”, and the OAuth login screen was maliciously generated by an attacker, the victim instructs Google to generate an “access token” for the attacker’s app. Since the user is usually already logged in to the browser, the system does not require two-factor authentication again, interpreting the action as a legitimate granting of permission. Once the attackers obtain this token they can carry out significant operations on the account, sufficient in many cases to progressively take control of the connected services.

How to secure your Google account beyond 2FA

To adequately protect a Google account, it is obviously not enough to enable two-factor authentication (which remains, together with setting a strong password, a basic security measure). We need to do something more. For starters, it’s advisable to use the diagnostic tools made available by Google, consulting them regularly. The system uses a very intuitive visual code to communicate the risk status of the account. By accessing your profile from this page, pay attention to the different icons you may find and their colors:

Blue indicates simple suggestions for improving security;

Yellow points out important items that should not be ignored;

Red represents urgent notifications that require immediate action.

How to check the security of your Google account.



Your goal, as far as possible, is to turn the icons of the aforementioned colors into a single green tick (as in the screenshot preceding this paragraph), the symbol with which Google marks an account that is intact, with all protection measures active.

In addition to constant monitoring through these tools, for those who manage valuable digital assets or want the highest level of security, activating Google’s Advanced Protection Program is the definitive solution. This free program proactively blocks access by unverified apps, preventing the generation of malicious OAuth tokens, and imposes the use of physical security keys for sign-in (a hardware token or a passkey on your device), making any attempt at credential theft or session theft futile. And if this last option seems like an excessive measure to take, remember that extreme ills call for extreme remedies.
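To make concrete both the consent step described earlier (an already-authenticated browser session plus one click is enough for a token, with no new 2FA prompt) and the “block unverified apps, require a security key” policy just described, here is a toy model of the authorization server’s decision. It is an added example, not code from Google or from the article, and the session fields, client flags and scope names are constructed simplifications rather than real Google scopes or settings.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user: str
    mfa_satisfied: bool        # 2FA was completed when this browser session was created
    hardware_key: bool = False # session was opened with a physical security key / passkey

@dataclass(frozen=True)
class ConsentRequest:
    client_id: str
    client_verified: bool      # app publisher reviewed by the identity provider
    scopes: frozenset

# Constructed scope names; they stand in for the provider's real scope strings.
HIGH_RISK_SCOPES = frozenset({"channel.manage", "mail.read", "account.recovery"})

def issue_token_default(session: Session, req: ConsentRequest):
    """Consent step as the article describes it: the browser session already
    satisfied 2FA, so one click on 'Allow' is enough for any client and no
    second factor is asked again. Returns (token_or_None, reason)."""
    if not session.mfa_satisfied:
        return None, "login required"
    token = {"sub": session.user, "aud": req.client_id, "scope": sorted(req.scopes)}
    return token, "issued"

def issue_token_hardened(session: Session, req: ConsentRequest):
    """Same step under an Advanced-Protection-style policy (simplified here):
    unverified apps never receive a token, and high-risk scopes are granted only
    from a session that was opened with a physical security key."""
    if not session.mfa_satisfied:
        return None, "login required"
    if not req.client_verified:
        return None, "blocked: unverified app"
    risky = req.scopes & HIGH_RISK_SCOPES
    if risky and not session.hardware_key:
        return None, "blocked: security key required for " + ", ".join(sorted(risky))
    token = {"sub": session.user, "aud": req.client_id, "scope": sorted(req.scopes)}
    return token, "issued"

# Constructed scenario: a consent screen from a look-alike app that asks for
# channel-management rights from a victim who is already logged in.
VICTIM = Session(user="creator@example.invalid", mfa_satisfied=True)
LOOKALIKE_APP = ConsentRequest(client_id="lookalike-audio-brand",
                               client_verified=False,
                               scopes=frozenset({"channel.manage", "mail.read"}))

if __name__ == "__main__":
    print(issue_token_default(VICTIM, LOOKALIKE_APP))   # token issued, no 2FA prompt
    print(issue_token_hardened(VICTIM, LOOKALIKE_APP))  # (None, 'blocked: unverified app')
```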