Summary: A vulnerability in Google’s OAuth implementation allows the potential takeover of accounts belonging to former employees of failed startups by purchasing the startups’ domains. Because the old employee email accounts can then be recreated, sensitive data stored on various SaaS platforms could be exposed. Truffle Security has identified over 100,000 domains at risk, potentially affecting around 10 million accounts.
Threat Actor: Unknown
Victim: Former employees of failed startups
Key points:
- Vulnerability allows access to SaaS accounts by recreating old employee email accounts.
- Sensitive personal and internal information may be exposed through this method.
- Google acknowledges the issue but emphasizes the importance of proper domain closure by startups.