Vaultjacking: One Captured PIN, the Entire Google Password Manager Vault | PhishU Blog
Vaultjacking is an attack technique that exploits Google Password Manager by using a captured 6-digit PIN to decrypt and steal a user’s entire synced vault of passwords and passkeys. By using Adversary-in-the-Middle phishing to capture the PIN and establish persistence, attackers can bypass security measures and access sensitive credentials across all sites where the user relies on Google’s sync layer.