Google OAuth Security Breach: Hackers Exploit Abandoned Accounts. Here is what to know.

A flaw in how Google's "Sign in with Google" OAuth flow identifies users, disclosed by researchers at Truffle Security, lets whoever buys a defunct company's domain log into the former employees' accounts on software-as-a-service (SaaS) platforms that accept Google login.

The Discovery

Truffle Security researchers identified the flaw last year and reported it to Google on September 30. Google initially closed the report, classifying it as a "fraud and abuse" problem rather than an OAuth or login issue. After the researchers' talk on the issue was accepted for the ShmooCon conference in December, Google reopened the case and awarded them a $1337 bounty.

How the Flaw Works

The flaw lies in Google's "Sign in with Google" feature. The ID token Google issues to a SaaS application carries the user's email address and a hosted-domain (hd) claim, and many SaaS providers look up the account by those two values. When attackers buy the lapsed domain of a defunct startup, they can set up a new Google Workspace on it and recreate the former employees' email addresses; Google then issues tokens with the same email and domain claims as before, which log the attacker into the former employees' accounts on services like Slack, Notion, Zoom and various HR platforms. The new workspace contains none of the old email, but the SaaS accounts it unlocks can expose tax documents, insurance information and Social Security numbers.

The Scale of the Problem

The researchers found more than 100,000 domains of defunct startups available for purchase. Assuming an average of 10 employees per startup, each using about 10 SaaS tools, the exposure runs to millions of user accounts. The problem is made worse by the fact that the claims SaaS providers key on, the email address and the hosted domain, stay the same when the domain changes hands, so a token issued to the new owner is indistinguishable from one issued to the original employee.

Proposed Solutions

To address this issue, the researchers propose that Google add two immutable identifiers to its OpenID Connect claims: a unique, permanent user ID and a unique workspace ID tied to the original organization, so that a provider can tell a recreated account from the original even when the email and domain match. SaaS providers can also reduce their exposure, for instance by comparing a domain's current registration date against the date the customer account was created, and by requiring admin-level approval before honouring a login from a domain that was re-registered after the customer signed up.
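The two lookups described above, written out as an added example (this is not code from the article, Google or Truffle Security). ID-token claims are modelled as a plain dict whose signature, issuer and audience are assumed to have been verified already; the tenant, account and token values are constructed for the example, and the domain registration date is assumed to come from a WHOIS/RDAP lookup done elsewhere. `login_by_email` is the domain-based matching the article describes, which accepts the attacker's recreated account; `login_pinned` binds the account to the token's `sub` claim (which Google's OpenID Connect documentation names as the stable user identifier) and holds a legacy account for admin approval when the domain's registration post-dates the tenant.

```python
"""Sign-in-with-Google account matching for a SaaS tenant (added example).

Claims are a dict that has already passed signature, issuer and audience
checks. `login_by_email` trusts `hd` + `email`, which Google re-issues for
whoever controls the domain now; `login_pinned` pins the account to `sub`
and treats a domain registered after the tenant was created as suspicious
until an admin approves the login.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional, Tuple


@dataclass
class Account:
    email: str
    created: date
    sub: Optional[str] = None   # Google subject ID, pinned at first login


@dataclass
class Tenant:
    domain: str
    created: date               # when the customer onboarded this workspace
    accounts: dict = field(default_factory=dict)   # email -> Account


def _domain_claims_ok(tenant: Tenant, claims: dict) -> bool:
    return claims.get("email_verified") is True and claims.get("hd") == tenant.domain


def login_by_email(tenant: Tenant, claims: dict) -> Optional[Account]:
    """Vulnerable lookup: any verified email on the tenant's domain matches."""
    if not _domain_claims_ok(tenant, claims):
        return None
    return tenant.accounts.get(claims.get("email"))


def login_pinned(tenant: Tenant, claims: dict, domain_registered: date,
                 admin_approved: bool = False) -> Tuple[str, Optional[Account]]:
    """Hardened lookup. Returns (status, account); status is 'ok',
    'rejected' or 'admin_approval_required'."""
    if not _domain_claims_ok(tenant, claims):
        return "rejected", None
    account = tenant.accounts.get(claims.get("email"))
    sub = claims.get("sub")
    if account is None or not sub:
        return "rejected", None
    if account.sub is not None:
        # Same email but a different Google principal is not the same person.
        return ("ok", account) if account.sub == sub else ("rejected", None)
    # Legacy account with no pinned sub. A domain registered after the tenant
    # was onboarded may have lapsed and been bought by someone else.
    if domain_registered > tenant.created and not admin_approved:
        return "admin_approval_required", None
    account.sub = sub           # pin the principal for all later logins
    return "ok", account


def build_tenant() -> Tenant:
    """Constructed sample data: a startup onboarded in 2021, one employee."""
    t = Tenant(domain="acme-startup.example", created=date(2021, 3, 1))
    t.accounts["alice@acme-startup.example"] = Account(
        email="alice@acme-startup.example", created=date(2021, 3, 2))
    return t


# Constructed claims. The attacker recreated alice@ on a fresh Workspace after
# buying the lapsed domain, so Google issues a new `sub` but the same `email`
# and `hd`. Registration dates stand in for a WHOIS/RDAP lookup.
ORIGINAL_CLAIMS = {"sub": "100000000000000000001", "email": "alice@acme-startup.example",
                   "email_verified": True, "hd": "acme-startup.example"}
ATTACKER_CLAIMS = {"sub": "200000000000000000002", "email": "alice@acme-startup.example",
                   "email_verified": True, "hd": "acme-startup.example"}
ORIGINAL_REGISTRATION = date(2020, 12, 1)
RE_REGISTRATION = date(2024, 11, 15)


def demo() -> dict:
    """Run both lookups against the constructed data and report the outcomes."""
    legacy = build_tenant()
    naive_accepted = login_by_email(legacy, ATTACKER_CLAIMS) is not None
    legacy_attacker = login_pinned(legacy, ATTACKER_CLAIMS, RE_REGISTRATION)[0]

    pinned = build_tenant()
    owner = login_pinned(pinned, ORIGINAL_CLAIMS, ORIGINAL_REGISTRATION)[0]
    attacker_after_pin = login_pinned(pinned, ATTACKER_CLAIMS, RE_REGISTRATION)[0]
    return {"naive_attacker_accepted": naive_accepted,
            "legacy_attacker": legacy_attacker,
            "owner": owner,
            "attacker_after_pin": attacker_after_pin}


if __name__ == "__main__":
    print(demo())
```

The registration-date check only helps for accounts that predate `sub` pinning; once a `sub` is stored, a token with the right email but a different `sub` is simply rejected, which is the property the article's proposed workspace and user identifiers would give providers directly.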

Google’s Response

Google has acknowledged the issue and recommends that customers winding down an organization properly close out their Google Workspace domain and follow its shutdown guidance to prevent this kind of account takeover. At the time of writing, no fix has shipped and the flaw remains exploitable.

Conclusion

This flaw shows that an identity tied to a domain name is only as durable as the domain registration: a company that lets its domain lapse effectively hands its former employees' SaaS logins to the next registrant. Organizations shutting down should close out their domains and SaaS integrations deliberately, and authentication systems should key accounts on identifiers that cannot be reissued to a stranger.
