A flaw in Google OAuth system is exposing millions of users via abandoned accounts
Posted by:
Emma Walker
**Title: Google Vulnerability Allows Access to Shut Down Businesses’ Data**
A recent study has highlighted a concerning flaw in Google’s “Sign in with Google” feature that could potentially expose sensitive information from defunct businesses. Security researchers from Trufflesecurity uncovered the vulnerability in September 2024 and brought it to Google’s attention. Despite acknowledging the issue, Google is placing the responsibility on businesses to safeguard their data even after closure. The process involves malicious actors taking over a defunct business’s domain to access residual data left on platforms like HR services. While Google provided some insights and recommendations to mitigate the risk, experts suggest further measures such as introducing immutable identifiers to prevent such incidents. Stay informed and updated with the latest cybersecurity developments.
Recent Posts1
