Decrypt LOL

Google OAuth Vulnerability Risks Data Exposure for Millions

🌀 Google’s OAuth vulnerability risks sensitive data exposure for millions. New research reveals a significant flaw in Google’s “Sign in with Google” authentication process, allowing unauthorized access to sensitive data by exploiting domain ownership changes. Truffle Security’s CEO, Dylan Ayrey, highlighted that purchasing a defunct startup’s domain could enable attackers to recreate email accounts of former employees, granting access to various SaaS applications, including HR systems containing personal information. Although Google acknowledged the issue and reopened the bug report, there are currently no protective measures for downstream software providers. This vulnerability underscores the need for immutable user identifiers to safeguard accounts against future domain ownership changes.
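The failure mode described above, as an added example that is not code from Google, Truffle Security, or any SaaS vendor: an account lookup keyed on the email address beside one that also requires a matching immutable identifier. The `immutable_id` claim name, the account layout, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Claims:
    """What the SaaS app learns about the user from a federated sign-in."""
    email: str
    immutable_id: str  # hypothetical stable per-account identifier (assumption)


# Constructed sample data: an HR-system account created while the startup existed.
ACCOUNTS = {
    "alice@defunct-startup.example": {
        "immutable_id": "id-original-0001",
        "records": ["payroll", "tax forms"],
    }
}

ORIGINAL_USER = Claims("alice@defunct-startup.example", "id-original-0001")
# Same address, recreated by whoever registered the lapsed domain later.
RECREATED_USER = Claims("alice@defunct-startup.example", "id-recreated-9999")


def login_by_email(accounts, claims):
    """Weak: the email address alone selects the account."""
    return accounts.get(claims.email.lower())


def login_by_immutable_id(accounts, claims):
    """Hardened: the email finds the account, the immutable ID must also match."""
    account = accounts.get(claims.email.lower())
    if account is None:
        return None, "no-account"
    if account["immutable_id"] != claims.immutable_id:
        # Same address, different underlying identity: deny and flag for review.
        return None, "identifier-mismatch"
    return account, "ok"


if __name__ == "__main__":
    print("email-keyed:", login_by_email(ACCOUNTS, RECREATED_USER))
    print("id-checked :", login_by_immutable_id(ACCOUNTS, RECREATED_USER))
    print("id-checked :", login_by_immutable_id(ACCOUNTS, ORIGINAL_USER))
```

The hardened path only helps if the identity provider actually supplies an identifier that never changes for an account and is never reissued to a different one.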
