VaultJacking Attack Steals Entire Google Password Manager Vault With One Captured PIN
Researchers disclose VaultJacking, a phishing technique that exploits Google's cross-device sync to exfiltrate every saved password and passkey using a single captured 6-digit GPM PIN.

A new phishing attack documented by researchers at Phishu, dubbed VaultJacking, demonstrates that a single captured 6-digit PIN can be enough for an attacker to steal the entire contents of a victim's Google Password Manager vault. The technique exploits the design of Google's cross-device credential synchronization mechanism, requiring no prior device compromise, no malware installation, and no persistent foothold on the victim's machine. According to the report shared with Cyber Security News, the attack proves that synced credential vaults introduce an outsized risk when their unlock secret is captured through a single, well-timed phishing event.
The attack works by targeting the Google Password Manager PIN, a 6-digit code used to protect the Security Level Secret that decrypts the synced vault. When a victim enters this PIN on a phishing page styled to match Google's real prompt, the attacker captures it immediately. The PhishU framework's sync-dup component then uses that captured PIN along with an operator-owned passkey to authenticate into the victim's Google account from the attacker's own infrastructure—bypassing Google's Live Device Found Session Credentials defense, which is designed to require the original device and session context.
Once authenticated, the attacker's infrastructure registers as a new device on the victim's security domain and initiates a sync operation. Google's Security Token Service decrypts the vault using the captured Security Level Secret, and every stored credential—usernames, passwords, and even passkeys—flows directly to the attacker. Crucially, passkeys created in Chrome 359 and later write their private-key bytes to a local Passkeys SQLite database, and those raw bytes are included in the sync payload, meaning even hardware-backed passkeys are recovered in full.
The implications are severe. An attacker who captures a single 6-digit PIN can exfiltrate every credential the victim has ever stored in Google Password Manager, including third-party logins, corporate credentials, and passkeys tied to high-value accounts. Because no rate limiting or re-entry prompt is triggered after the PIN is captured, the extraction proceeds uninterrupted. The attack also affects users who sync work credentials alongside personal ones in the same Chrome profile, as the attacker does not distinguish between the two.
Phishu's report emphasizes that VaultJacking is not an unpatched bug but an accepted design trade-off in Google's sync architecture. Defenders are advised to use separate Chrome profiles for work and personal credentials, to deploy on-premises password managers that do not interact with Google Sync in sensitive environments, and to train users to treat notifications such as "new passkey added" or "new sign-in on Windows" as authentication events worth verifying. Organizations that have deployed passkeys without enforcing authentication-resistant monitoring and security-domain governance are already exposed to this exact threat model.
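As an added illustration of the "treat enrollment notifications as authentication events" advice (example code, not from Phishu's report or any Google tooling), the following Python correlates constructed account-activity records and flags any unfamiliar source that enrolls a device or passkey and then pulls a full vault sync shortly afterwards, which is the sequence the attack chain above produces. The event kinds, field names and sample sources are assumptions, not Google's audit-log schema.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class AccountEvent:
    ts: datetime
    account: str
    kind: str    # assumed kinds: pin_unlock, device_enrolled, passkey_added, vault_sync
    source: str  # client or network origin as the (hypothetical) log reports it

ENROLLMENT_KINDS = {"device_enrolled", "passkey_added"}

def find_vaultjacking_chains(events, known_sources, window=timedelta(minutes=30)):
    """Return (account, source, chain) for every source not in known_sources[account]
    that enrolls a device/passkey and then performs a vault sync within `window`.
    A captured PIN leaves no trace of its own, so enrollment followed by sync is
    the observable signal a defender can act on."""
    by_account = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_account.setdefault(e.account, []).append(e)
    alerts = []
    for account, evs in by_account.items():
        trusted = known_sources.get(account, set())
        for i, first in enumerate(evs):
            if first.kind not in ENROLLMENT_KINDS or first.source in trusted:
                continue
            for later in evs[i + 1:]:
                if later.ts - first.ts > window:
                    break  # beyond the correlation window; stop scanning this chain
                if later.source == first.source and later.kind == "vault_sync":
                    alerts.append((account, first.source, [first, later]))
                    break
    return alerts

# Constructed sample data (not real logs). alice: unknown source enrolls then syncs
# within minutes -> alert. bob: known phone adds a passkey -> benign. carol: unknown
# enrollment but the sync comes an hour later -> outside the window, no alert.
T = datetime(2025, 1, 15, 10, 0)
SAMPLE_EVENTS = [
    AccountEvent(T, "alice", "pin_unlock", "laptop-home"),
    AccountEvent(T + timedelta(minutes=2), "alice", "device_enrolled", "203.0.113.7"),
    AccountEvent(T + timedelta(minutes=3), "alice", "vault_sync", "203.0.113.7"),
    AccountEvent(T + timedelta(hours=1), "bob", "passkey_added", "phone-bob"),
    AccountEvent(T + timedelta(hours=1, minutes=1), "bob", "vault_sync", "phone-bob"),
    AccountEvent(T + timedelta(hours=2), "carol", "device_enrolled", "198.51.100.5"),
    AccountEvent(T + timedelta(hours=3), "carol", "vault_sync", "198.51.100.5"),
]
KNOWN_SOURCES = {"alice": {"laptop-home"}, "bob": {"phone-bob"}, "carol": {"desktop-c"}}

if __name__ == "__main__":
    for account, source, chain in find_vaultjacking_chains(SAMPLE_EVENTS, KNOWN_SOURCES):
        print(f"ALERT {account}: {source} enrolled then synced the vault at {chain[-1].ts}")
```

The window and the notion of a "known source" are tuning knobs; in practice the trusted set would come from each account's device inventory rather than a hard-coded dictionary.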
Google has not yet issued a formal statement on VaultJacking, but the attack highlights the central tension in modern password management: the convenience of cross-device sync comes with a single point of failure. If that failure is a 6-digit PIN captured through a well-crafted phishing page, the entire vault is compromised. The security community is now focused on how to harden sync-layer architectures without sacrificing the usability that makes them so popular.