SCOTTSDALE, Ariz.—As Pokemon Go players track down little monsters, they may also be opening up their Google accounts to fraud.
Security researcher Adam Reeve of ThirdCertainty noted that when some users sign into Pokemon Go through Google on Apple devices, they effectively give the game and its developer full access to their Google account.
“This means, that at least in theory, Niantic, the firm behind Pokemon Go, can access players’ Gmail-based email, Google Drive-based files, photos and videos, and any other content within their Google accounts. Niantic could potentially send emails on your behalf, or copy and distribute your photos,” the report stated.
The global popularity of the game is leading users outside the U.S. to obtain the Android version of Pokemon Go through unofficial channels—and hackers already have successfully posted malware-infected versions of the app in some file sharing services, ThirdCertainty noted.
“One variant of such a malevolent version of the app was discovered by the security firm Proofpoint and is quite serious: it infects Android devices and allows hackers to access the infected devices via a backdoor. Google says it’s notifying customers of the 4,000 state-sponsored cyber attacks a month amid security concerns about Pokemon,” ThirdCertainty reported.