Startup Necromancy: Exploiting Abandoned Google Apps Domains

2025-01-15
A security researcher showed that the Google Workspace domains of defunct startups are not safely retired when the company folds. Once the domain registration lapses, anyone can buy it, set up Google Workspace on it again and re-create the mailboxes of former employees. Because many SaaS providers (Slack, ChatGPT, Zoom and others) key their "Sign in with Google" logins on the verified e-mail address and hosted domain in the Google ID token rather than on its stable `sub` identifier, the re-created accounts log straight into the former employees' workspaces, exposing tax documents, internal communications and other sensitive data. Google initially dismissed the report; after the researcher presented the findings at Shmoocon, it reevaluated the issue and offered a bounty. The lesson cuts both ways: companies must shut down Workspace tenants and downstream SaaS accounts deliberately rather than letting a domain lapse, and relying parties must not treat an e-mail address or domain claim as a stable identity.
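The account-linking mistake described above, as an added example that is not code from the article or from any of the services it names. The users table and the ID-token claims are constructed sample data, and both linkers assume the token's signature was already verified upstream. `link_by_email` is the vulnerable pattern (e-mail address is the account key); `link_by_sub` is the hardened pattern (issuer plus `sub` is the key, and an e-mail collision with a different subject is refused rather than merged).

```python
"""Account linking for a 'Sign in with Google' relying party.

Added example (not the article's or any vendor's code). Shows why keying
SaaS accounts on the e-mail address in a Google ID token lets the new owner
of a lapsed domain log into old employees' accounts, and the hardened form
that keys on the issuer + stable subject identifier (`sub`) instead.
All users and token claims below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Optional

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


@dataclass
class User:
    user_id: str
    email: str
    google_sub: Optional[str] = None  # stable Google subject id; None for legacy rows


@dataclass
class LinkResult:
    status: str                  # "linked", "denied" or "unknown"
    user: Optional[User] = None
    reason: str = ""


def _basic_checks(claims: dict) -> Optional[str]:
    """Checks both linkers share; returns a rejection reason or None."""
    if claims.get("iss") not in GOOGLE_ISSUERS:
        return "wrong issuer"
    if not claims.get("email_verified", False):
        return "email not verified"
    return None


def link_by_email(claims: dict, users: list) -> LinkResult:
    """Vulnerable pattern: the e-mail address is the account key.
    Whoever controls the domain can mint a token for any old address."""
    reason = _basic_checks(claims)
    if reason:
        return LinkResult("denied", reason=reason)
    email = claims["email"].lower()
    for u in users:
        if u.email.lower() == email:
            return LinkResult("linked", u)
    return LinkResult("unknown")


def link_by_sub(claims: dict, users: list) -> LinkResult:
    """Hardened pattern: (iss, sub) is the account key. A re-created
    Workspace user gets a fresh sub, so it never maps onto an old row."""
    reason = _basic_checks(claims)
    if reason:
        return LinkResult("denied", reason=reason)
    sub, email = claims["sub"], claims["email"].lower()
    for u in users:
        if u.google_sub == sub:
            return LinkResult("linked", u)
    # No row owns this sub. If a row owns the same e-mail, do not merge:
    # either the domain changed hands or the row is a legacy account that
    # was never linked by sub. Both need out-of-band recovery, not a login.
    if any(u.email.lower() == email for u in users):
        return LinkResult("denied", reason="email already belongs to a different subject")
    return LinkResult("unknown")


# Constructed: rows left behind by a defunct startup that owned example.test.
USERS = [
    User("u-100", "alice@example.test", google_sub="103847"),
    User("u-101", "bob@example.test"),  # legacy row, never linked by sub
]

# Constructed claims. ALICE_ORIGINAL was issued while the startup still owned
# the domain; the *_REVIVED tokens are minted by the new domain owner after
# re-creating the same mailboxes, so they carry fresh subject ids.
ALICE_ORIGINAL = {"iss": "https://accounts.google.com", "sub": "103847",
                  "email": "alice@example.test", "email_verified": True, "hd": "example.test"}
ALICE_REVIVED = dict(ALICE_ORIGINAL, sub="998877")
BOB_REVIVED = dict(ALICE_ORIGINAL, sub="998878", email="bob@example.test")
STRANGER = dict(ALICE_ORIGINAL, sub="424242", email="carol@example.test")

if __name__ == "__main__":
    for name, claims in [("alice (revived)", ALICE_REVIVED), ("bob (revived)", BOB_REVIVED)]:
        print(name, "by email:", link_by_email(claims, USERS).status,
              "| by sub:", link_by_sub(claims, USERS).status)
```

The hardened linker deliberately has no automatic "migrate legacy row on first login" path: the one time e-mail would be used as a key is exactly the case an attacker who bought the domain can satisfy, so legacy rows must be linked through a manual or second-factor recovery flow.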