Decrypt LOL

Google OAuth Vulnerability Exposes Data from Abandoned Accounts

Google’s OAuth vulnerability exposes sensitive data from defunct startups. A security flaw in Google’s “Sign in with Google” feature allows attackers to register the domains of defunct startups and access sensitive data from former employee accounts linked to various SaaS platforms. Discovered by Truffle Security researchers, the issue was initially dismissed by Google but later acknowledged after a presentation at ShmooCon. Despite a $1337 bounty awarded to the researchers, the vulnerability remains unaddressed. The flaw could potentially impact millions of accounts, as many startups fail and their domains become available for purchase. Experts recommend that users remove sensitive data from accounts when leaving a startup and avoid using work emails for personal registrations to mitigate risks.
