Google OAuth Flaw Exposes Millions of Accounts to Risks
🌐🕳️ Google’s OAuth flaw exposes millions of accounts to potential data breaches. A significant vulnerability in Google’s “Sign in with Google” authentication allows individuals to access accounts of former employees from defunct startups by purchasing their old domains. This issue arises because Google’s OAuth system does not adequately protect against domain ownership changes, enabling unauthorized access to sensitive data across various SaaS platforms. With over 6 million Americans working in tech startups, and 90% of these startups failing, the potential for data compromise is vast, affecting more than 10 million accounts. Although Google has acknowledged the issue and reopened a vulnerability ticket, a definitive fix has yet to be implemented, leaving many users’ data at risk.
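A relying-party check for the domain-change scenario described above, as an added example that is not from the article or from Google. It assumes the SaaS application stores the `sub` (subject) claim of Google's ID token as the account key and treats `email` and `hd` as secondary attributes, and that a re-registered domain's users arrive with a different `sub`. The class and function names and all claim values are hypothetical.

```python
# Added example, not code from the article. Claims are assumed to come from a
# Google ID token whose signature, issuer and audience were already verified.

class LoginRefused(Exception):
    pass

class AccountStore:
    def __init__(self):
        self._by_sub = {}    # Google `sub` -> account id (primary key)
        self._by_email = {}  # lower-cased email -> account id (secondary index)

    def resolve(self, claims):
        sub, email = claims["sub"], claims["email"].lower()
        if not claims.get("email_verified"):
            raise LoginRefused("email not verified by the identity provider")
        # 1. Known subject: the same Google identity as before.
        if sub in self._by_sub:
            return self._by_sub[sub]
        # 2. Known email, unknown subject: the address is now held by a
        #    different Google identity, e.g. after the domain changed owner.
        if email in self._by_email:
            raise LoginRefused(f"{email} is bound to a different Google subject")
        # 3. First login: provision the account and bind it to `sub`.
        account_id = len(self._by_sub) + 1
        self._by_sub[sub] = account_id
        self._by_email[email] = account_id
        return account_id

def demo():
    """Constructed claims: one address before and after its domain is resold."""
    store = AccountStore()
    original = {"sub": "1000000000000000001", "email_verified": True,
                "email": "alice@defunct-startup.example",
                "hd": "defunct-startup.example"}
    after_sale = dict(original, sub="2000000000000000002")  # new owner, new sub
    first, again = store.resolve(original), store.resolve(original)
    try:
        store.resolve(after_sale)
        refused = False
    except LoginRefused:
        refused = True
    return first, again, refused

if __name__ == "__main__":
    print(demo())
```

A refused login of this kind is also worth logging as a detection signal, since it marks an address whose controlling identity has changed.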
