Hosted on MSN24d
Google’s OAuth flaw is potentially exposing millions of accounts
Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is ...
Millions Of Sign-In-With-Google Users Warned Of Data-Theft Vulnerability
A security vulnerability in the “Sign In With Google” OAuth authentication process could allow attackers to access sensitive data from millions of accounts.
TechRadar24d
A flaw in Google OAuth system is exposing millions of users via abandoned accounts
Buying domains from businesses that shut down could grant access to their SaaS accounts ... Experts have found a vulnerability in Google’s OAuth “Sign in with Google” feature which could ...
Bleeping Computer26d
Google OAuth flaw lets attackers gain access to abandoned accounts
A weakness in Google’s OAuth “Sign in with Google” feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to ...
Ars Technica25d
Startup necromancy: Dead Google Apps domains can be compromised by new owners
With admin access to those accounts, you can get into many of the services they used Google's OAuth to log into, like Slack, ChatGPT, Zoom, and HR systems. Ayrey writes that he bought a defunct ...
Security Boulevard5d
Cyberhaven: A Wake-Up Call for Consent Phishing Risks | Grip
Explore how the Cyberhaven attack exposes the dangers of 'consent phishing', a tactic that bypasses even robust security ...