Failed Startups Leave Employees Vulnerable to Data Breaches via Google Logins
2025-01-20

A security researcher discovered a critical vulnerability exposing employees of defunct startups to significant data breaches. By acquiring expired domains, attackers can exploit "Sign in with Google" to access company cloud software, potentially stealing Slack messages, Social Security numbers, and bank account details. While Google's OAuth configuration includes safeguards, improper implementation by some SaaS providers leaves the vulnerability exploitable. Tens of thousands of former employees and millions of SaaS accounts are at risk. Google has updated its documentation, advising companies to properly shut down cloud services, but the issue remains unresolved.