GBHackers

VaultJacking Attack Exposes Google Password Vaults via Single PIN


A newly disclosed phishing technique dubbed “VaultJacking” is raising serious concerns across the cybersecurity community after researchers demonstrated how a single captured Google Password Manager (GPM) PIN can expose an entire user credential vault.

The attack shows that even passkeys, widely promoted as phishing-resistant, can be indirectly compromised when attackers target the underlying sync infrastructure instead of individual login flows.

VaultJacking operates through a standard Adversary-in-the-Middle (AiTM) phishing setup. During a convincing fake Google sign-in session, the attacker's proxy captures not only the victim's credentials and session cookies, but also their 6-digit GPM PIN.

That seemingly small piece of data becomes the master key to decrypt every password and passkey stored in the victim’s synchronized Google account.

Unlike traditional phishing attacks that harvest credentials one site at a time, VaultJacking delivers complete account takeover in a single step. Once the PIN is obtained, attackers can join a new device to the victim’s Google “security domain,” a trusted group of devices allowed to access synced credentials.

This process unlocks the Security Domain Secret (SDS), which decrypts the entire vault on the attacker-controlled system.

Researchers confirmed that the attack works even against accounts using passkeys, including hardware-backed implementations.

While passkeys remain secure at the individual website level due to WebAuthn origin binding, VaultJacking bypasses that protection entirely by extracting credentials from the sync layer beneath.

The “Capture GPM PIN (Google AiTM)” toggle on the Landing Page Behaviors tab (Source : Phishu).

The attack chain is highly automated. After phishing the PIN, attackers register their own passkey on the victim’s account to maintain persistence.


They then authenticate using this passkey and trigger a security-domain join on their own infrastructure. Once the PIN is entered, the system syncs all stored passwords and passkey metadata to the attacker's environment, enabling access to banking, email, enterprise systems, and cryptocurrency platforms.

The SDS unlock dialog fires when the worker triggers a passkey assertion against a controlled Relying Party endpoint the Framework operates for this purpose.

Notably, the process generates minimal user-visible alerts. Victims may receive standard “new sign-in” or “new passkey added” emails, but no push notifications or device approval prompts are triggered.

Chrome on the Windows VM prompts to sign in to the victim’s Google account (Source : Phishu).

If attackers also gain access to the victim’s inbox, these alerts can be suppressed entirely, making the compromise effectively invisible.

The root issue lies in Google’s design choice to rely on a short PIN for device enrollment without requiring approval from a device already trusted by the account.

Competing ecosystems, such as Apple’s iCloud Keychain, require explicit authorization from an existing trusted device before granting access to synced credentials. Google’s approach prioritizes usability and account recovery but introduces a significant phishing risk.

Security experts emphasize that VaultJacking is not a cryptographic flaw in passkeys themselves, but rather a weakness in how synchronized credential stores are protected.

According to Phishu, the attack highlights the importance of monitoring device enrollment events and enforcing stronger authentication controls, particularly for high-risk users such as administrators and developers.

Google’s security-domain join surfaces the GPM PIN entry screen on the Windows VM (Source : Phishu).

Organizations using Google Workspace are advised to closely monitor audit logs for new device additions and treat them as potential security incidents. Additionally, separating personal and work Chrome profiles and avoiding credential mixing across accounts can reduce exposure.
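As an added illustration of the monitoring advice above (this is example code written for this page, not Phishu's tooling or anything Google ships), the script below triages activity records in the shape returned by the Google Workspace Admin SDK Reports API and flags the sequence the article describes: a passkey enrollment followed shortly by a security-domain join on the same account. The event names `new_device_login`, `passkey_enrolled` and `security_domain_join`, the high-risk user list, and the sample log entries are all assumptions constructed for the example; map the names to whatever your tenant's login audit log actually emits.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# ASSUMED event names (placeholders, not verified Google identifiers).
WATCHED_EVENTS = {
    "new_device_login": "sign-in from a previously unseen device",
    "passkey_enrolled": "new passkey registered on the account",
    "security_domain_join": "device joined the password-manager security domain",
}
# The VaultJacking order: register a passkey, then join a new device to the domain.
CHAIN = ("passkey_enrolled", "security_domain_join")
HIGH_RISK_USERS = {"admin@example.com"}   # assumed list of admins/developers
WINDOW = timedelta(hours=1)               # how close the two chain events must be

# Constructed sample records in the shape of a Reports API `activities` list.
SAMPLE_LOG = json.dumps([
    {"id": {"time": "2025-01-10T10:00:00Z", "applicationName": "login"},
     "actor": {"email": "alice@example.com"},
     "events": [{"type": "login", "name": "new_device_login"}]},
    {"id": {"time": "2025-01-10T10:05:00Z", "applicationName": "login"},
     "actor": {"email": "alice@example.com"},
     "events": [{"type": "login", "name": "passkey_enrolled"}]},
    {"id": {"time": "2025-01-10T10:20:00Z", "applicationName": "login"},
     "actor": {"email": "alice@example.com"},
     "events": [{"type": "login", "name": "security_domain_join"}]},
    {"id": {"time": "2025-01-10T10:30:00Z", "applicationName": "login"},
     "actor": {"email": "bob@example.com"},
     "events": [{"type": "login", "name": "login_success"}]},
    {"id": {"time": "2025-01-10T11:00:00Z", "applicationName": "login"},
     "actor": {"email": "carol@example.com"},
     "events": [{"type": "login", "name": "passkey_enrolled"}]},
    {"id": {"time": "2025-01-10T12:00:00Z", "applicationName": "login"},
     "actor": {"email": "admin@example.com"},
     "events": [{"type": "login", "name": "new_device_login"}]},
])


def parse_time(ts):
    """Reports API timestamps are RFC 3339 with a trailing Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def extract_watched_events(records):
    """Return sorted (time, actor_email, event_name) for every watched event."""
    found = []
    for rec in records:
        actor = rec.get("actor", {}).get("email", "unknown")
        when = parse_time(rec["id"]["time"])
        for ev in rec.get("events", []):
            if ev.get("name") in WATCHED_EVENTS:
                found.append((when, actor, ev["name"]))
    return sorted(found)


def triage(records, window=WINDOW, high_risk=HIGH_RISK_USERS):
    """Map each actor with a watched event to a severity.

    'critical': a security-domain join within `window` after a passkey
                enrollment on the same account (the VaultJacking sequence),
                or any watched event on a high-risk user.
    'review'  : any other watched event (e.g. a lone new-device sign-in).
    """
    by_actor = defaultdict(list)
    for when, actor, name in extract_watched_events(records):
        by_actor[actor].append((when, name))

    verdict = {}
    for actor, events in by_actor.items():
        severity = "review"
        enroll_times = [t for t, n in events if n == CHAIN[0]]
        for t, n in events:
            if n == CHAIN[1] and any(timedelta(0) <= t - e <= window
                                     for e in enroll_times):
                severity = "critical"
        if actor in high_risk:      # admins/developers: escalate regardless
            severity = "critical"
        verdict[actor] = severity
    return verdict


def triage_json(raw):
    """Convenience wrapper for a JSON-encoded activities list."""
    return triage(json.loads(raw))


if __name__ == "__main__":
    for actor, sev in sorted(triage_json(SAMPLE_LOG).items()):
        print(f"{sev:8s} {actor}")
```

Feed it the `activities` array from `activities.list` for the `login` application (or the equivalent SIEM export) on a schedule; anything scored `critical` should open an incident and trigger a session and passkey review for that account, since the article notes the legitimate user may see nothing more than a routine notification email.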

The discovery also follows reports of a related technique known as “Browser Syncjacking,” which abuses malicious extensions to access the same sync layer.

However, VaultJacking is considered more dangerous because it requires no malware or device access, only a successful phishing session.

As passkey adoption accelerates, this research underscores a critical reality: eliminating passwords does not eliminate phishing risk.

Attackers are simply shifting focus to weaker links in the authentication ecosystem, and in this case, a six-digit PIN is all it takes to unlock everything.



