Google’s OAuth login doesn’t protect against purchasing a failed startup domain


Millions of Americans can have their data stolen right now because of a deficiency in Google’s “Sign in with Google” authentication flow. If you’ve worked for a startup in the past - especially one that has since shut down - you might be vulnerable.

Here’s the problem: Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees. The most sensitive accounts included HR systems, which contained tax documents, pay stubs, insurance information, social security numbers, and more. Google’s eventual re-engagement with this issue is promising, but until a fix is implemented, millions of Americans' data and accounts remain vulnerable.
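One way a service that accepts "Sign in with Google" can avoid handing an existing account to a re-created mailbox, shown as an added example that is not from the original article or from Google. It assumes the service recorded the ID token's `sub` claim at first sign-in; the account store, addresses and claim values are constructed.

```python
# Added example. Claims are constructed and assumed to be already
# signature-verified ID token payloads; the account store is hypothetical.
from dataclasses import dataclass


@dataclass
class Account:
    account_id: str
    email: str
    google_sub: str  # "sub" claim recorded at the user's first sign-in


ACCOUNTS = [Account("acct-1", "alice@failedstartup.example", "1001")]

# Constructed: the former employee's original Google identity.
ORIGINAL_LOGIN = {"iss": "https://accounts.google.com", "sub": "1001",
                  "email": "alice@failedstartup.example",
                  "hd": "failedstartup.example"}
# Constructed: same address re-created under the re-registered domain.
# The email and hd claims are identical; only sub differs.
RECREATED_LOGIN = dict(ORIGINAL_LOGIN, sub="2002")


def match_by_email(claims):
    """Weak: any Google identity presenting the stored email gets the account."""
    for acct in ACCOUNTS:
        if acct.email.lower() == claims["email"].lower():
            return acct.account_id
    return None


def match_by_sub(claims):
    """Hardened: match on sub; a known email with an unknown sub is denied.

    Returns (account_id, alert). alert is a string for the security log.
    """
    for acct in ACCOUNTS:
        if acct.google_sub == claims["sub"]:
            return acct.account_id, None
    for acct in ACCOUNTS:
        if acct.email.lower() == claims["email"].lower():
            return None, f"sub mismatch for {acct.email}: login denied"
    return None, None  # unknown user: normal sign-up path
```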
