Millions of Accounts Vulnerable Due to Google OAuth Flaw

2025-01-14

A new study reveals a critical weakness in Google's "Sign in with Google" authentication flow, potentially exposing millions of Americans' data. An attacker can buy the domain of a defunct startup, set up a new Google Workspace on it, recreate former employees' email addresses, and then sign in to the SaaS services those employees used, including HR systems and chat platforms holding sensitive information. This works because many SaaS providers identify a user by the email address (and hosted-domain) claims in Google's ID token rather than by a stable user identifier, so a recreated mailbox is accepted as the original employee. The researcher reported the issue to Google, which initially marked it "won't fix." Only after the researcher's ShmooCon talk was accepted did Google reopen the issue and pay a bounty. While Google is working on a fix, millions of accounts remain vulnerable.
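The following is an added example, not code from the original summary or from the researchers involved. It models the relying-party side of the flow described above: the vulnerable account lookup keys on the `email` claim of a verified Google ID token, so a new owner of the defunct domain inherits the old employee's account, while the hardened lookup keys on Google's `sub` claim, which is documented as unique per Google account and never reused. The claim names `iss`, `sub`, `email`, `email_verified` and `hd` are real Google ID token claims; all values, the domain name and the account records are constructed, and the tokens are assumed to have already passed signature verification.

```python
"""Relying-party account lookup for "Sign in with Google" ID tokens.

Constructed example: the same employee address appears in two tokens,
one from the original Google Workspace and one from a Workspace an
attacker created after buying the startup's lapsed domain.  Keying on
the email address lets the second token in; keying on ``sub`` does not.
"""
from dataclasses import dataclass


@dataclass
class Account:
    account_id: str
    email: str
    google_sub: str
    data: str  # stands in for HR records, chat history, etc.


# Accounts provisioned while the startup still existed (constructed).
ACCOUNTS = [
    Account("acct-1", "alice@defunct-startup.example", "103857460921",
            "payroll records + chat history"),
]

# Claims from Alice's original sign-in (constructed values; assumed to
# have already passed signature, audience and expiry checks).
ORIGINAL_TOKEN = {
    "iss": "https://accounts.google.com",
    "sub": "103857460921",
    "email": "alice@defunct-startup.example",
    "email_verified": True,
    "hd": "defunct-startup.example",
}

# Claims after an attacker registers defunct-startup.example, sets up a
# new Google Workspace and recreates alice@...: same email and hd, but
# Google issues a different sub for the new account.
TAKEOVER_TOKEN = {
    "iss": "https://accounts.google.com",
    "sub": "118273645509",
    "email": "alice@defunct-startup.example",
    "email_verified": True,
    "hd": "defunct-startup.example",
}


def lookup_by_email(claims, accounts=ACCOUNTS):
    """Vulnerable pattern: the verified email address *is* the identity.

    Whoever controls the domain can mint a verified token for any former
    employee's address, so the takeover token matches Alice's account.
    """
    if not claims.get("email_verified"):
        return None
    return next((a for a in accounts if a.email == claims["email"]), None)


def lookup_by_sub(claims, accounts=ACCOUNTS):
    """Hardened pattern: the Google-issued ``sub`` claim is the identity.

    A recreated mailbox under a new Workspace carries a different ``sub``,
    so it does not match the account Alice provisioned.
    """
    if claims.get("iss") not in ("https://accounts.google.com",
                                 "accounts.google.com"):
        return None
    return next((a for a in accounts if a.google_sub == claims["sub"]), None)


def login(claims, accounts=ACCOUNTS):
    """Hardened login decision.

    Match on ``sub``.  If no account has that ``sub`` but the email is
    already taken by an account with a *different* ``sub``, refuse and
    report a collision instead of silently linking the new identity to
    the old data, since that is exactly the domain-takeover signal.
    """
    acct = lookup_by_sub(claims, accounts)
    if acct is not None:
        return ("ok", acct.account_id)
    collision = lookup_by_email(claims, accounts)
    if collision is not None:
        return ("email_collision", collision.account_id)
    return ("unknown", None)


if __name__ == "__main__":
    print("email-keyed lookup, takeover token:", lookup_by_email(TAKEOVER_TOKEN))
    print("sub-keyed lookup,   takeover token:", lookup_by_sub(TAKEOVER_TOKEN))
    print("hardened login,     takeover token:", login(TAKEOVER_TOKEN))
    print("hardened login,     original token:", login(ORIGINAL_TOKEN))
```

The `email_collision` outcome is the point to act on: a relying party should route it to manual re-verification or an explicit account-recovery process rather than auto-link, and an existing deployment that stored only email addresses needs a migration that captures `sub` at each user's next successful login before the check can be enforced. This is a relying-party mitigation only; it does not replace whatever change Google ships on the identity-provider side.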
