Summary: A vulnerability in Google’s OAuth “Sign in with Google” feature allows attackers to exploit defunct startup domains to access sensitive data from former employee accounts linked to various SaaS platforms. Despite being reported to Google, the issue remains unresolved, posing a significant risk to many users.
Threat Actor: Cybercriminals
Victim: Former employees of defunct startups
Key Points:
- The vulnerability allows attackers to register defunct domains and impersonate former employees on SaaS platforms.
- Google’s OAuth system has inconsistencies that enable the exploitation of email and domain claims.
- Millions of employee accounts at failed startups are at risk, since many of those companies used Google Workspace for email.
- Proposed solutions include immutable identifiers and additional verification measures, but they come with costs and complications.
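The account-linking logic behind the email and domain claim point above, as an added example that is not code from the original report or from Google: a relying party that keys accounts on the ID token's `email`/`hd` claims is compared with one that binds accounts to the issuer's `sub` claim (the OpenID Connect subject identifier, which the spec defines as stable and never reassigned), and that routes an address-reuse collision to out-of-band verification instead of auto-linking. The claim dictionaries, the `Account` class and the linker names are constructed for illustration; signature, audience and expiry checks on the token are assumed to have happened upstream.

```python
"""
Relying-party account linking: why keying on the ID token's email/hd claims
hands an old account to whoever later controls the domain, and how binding to
(iss, sub) with a collision queue avoids that. All claims below are
constructed sample data, not real tokens.
"""
from dataclasses import dataclass, field
from typing import Optional

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


@dataclass
class Account:
    account_id: str
    issuer_sub: tuple          # (iss, sub) the account is bound to
    email: str
    hd: Optional[str]
    data: dict = field(default_factory=dict)


class WeakLinker:
    """Looks up accounts by (email, hosted domain). Any later token that
    carries the same address, whoever now controls the domain, lands in the
    original employee's account."""

    def __init__(self):
        self.by_email = {}

    def login(self, claims: dict) -> Account:
        key = (claims["email"].lower(), claims.get("hd"))
        acct = self.by_email.get(key)
        if acct is None:
            acct = Account(f"acct-{len(self.by_email) + 1}",
                           (claims["iss"], claims["sub"]),
                           claims["email"].lower(), claims.get("hd"))
            self.by_email[key] = acct
        return acct


class HardenedLinker:
    """Binds accounts to (iss, sub). A token with a known email but an
    unknown subject gets a fresh, empty account, and the collision is queued
    for explicit verification rather than silently merged."""

    def __init__(self):
        self.by_sub = {}
        self.by_email = {}        # first subject seen for each address
        self.review_queue = []    # (email, existing account, new sub)

    def login(self, claims: dict) -> Account:
        if claims.get("iss") not in GOOGLE_ISSUERS:
            raise PermissionError("unexpected issuer")
        if not claims.get("email_verified", False):
            raise PermissionError("email not verified by issuer")
        key = (claims["iss"], claims["sub"])
        acct = self.by_sub.get(key)
        if acct is not None:
            return acct               # returning subject: same account
        email = claims["email"].lower()
        prior = self.by_email.get(email)
        if prior is not None:
            # Same address, different subject: do not auto-link.
            self.review_queue.append((email, prior.account_id, claims["sub"]))
        acct = Account(f"acct-{len(self.by_sub) + 1}", key, email, claims.get("hd"))
        self.by_sub[key] = acct
        self.by_email.setdefault(email, acct)   # original owner keeps the mapping
        return acct


def demo() -> dict:
    """Replays the scenario: an employee signs in, the domain later changes
    hands, and a new Workspace user with the same address signs in."""
    employee = {"iss": "https://accounts.google.com", "sub": "102",
                "email": "alice@defunct-startup.example",
                "email_verified": True, "hd": "defunct-startup.example"}
    # Constructed: same address and hd after re-registration, new subject.
    newcomer = {"iss": "https://accounts.google.com", "sub": "987",
                "email": "alice@defunct-startup.example",
                "email_verified": True, "hd": "defunct-startup.example"}

    weak, hard = WeakLinker(), HardenedLinker()
    w_orig = weak.login(employee)
    w_orig.data["notes"] = "confidential"
    h_orig = hard.login(employee)
    h_orig.data["notes"] = "confidential"

    return {
        "weak_grants_old_account": weak.login(newcomer) is w_orig,
        "hardened_grants_old_account": hard.login(newcomer) is h_orig,
        "hardened_returning_employee_ok": hard.login(employee) is h_orig,
        "collisions_queued": len(hard.review_queue),
        "new_account_sees_old_data": "notes" in hard.login(newcomer).data,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The hardened path still has to decide what to do with the queued collision; the point is that the decision is explicit (a domain-ownership or administrator check, whatever the service requires) rather than implied by an address that the issuer can legitimately hand to a different person.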