Using the 'Sign In With Google' option is risky and there is currently no workaround
Logging into a website using the "Sign In With Google" option is so convenient that you've probably used it hundreds of times. However, researchers have found that using this feature as an employee of a business can put you at risk of having your privacy violated, and worse, there's no fix yet.
The "Sign In With Google" feature leaves traces of previous users in the domain
A vulnerability has been discovered in Google's OAuth system that affects anyone who worked for a now-defunct company that allowed its employees to use the "Sign In With Google" login, Trufflesecurity reports.
The problem here is that when you are an employee of a company and you use the 'Sign In With Google' feature to log in to an app like Slack with your business account, the app gets two pieces of data: the domain and the email address. If the app gets both of these pieces of data, it will let the user log in.
The 'domain' portion is the business domain name, which tells the app that you're an employee of that particular company. However, if the company goes out of business, a bad actor could purchase and take ownership of the unused domain. If the business doesn't 'clean up' properly before closing, the bad actor could recreate employee email addresses and use them to log into third-party services.
Fortunately, the bad guys couldn't get into the company's old Gmail account and read their emails, but Trufflesecurity found that it could access former employees' accounts on ChatGPT, Slack, Notion, Zoom, HR systems, and more. And while all of these accounts can store sensitive data, HR systems are the most dangerous because they contain information like social security numbers and banking information.
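The login check described above, next to a variant that can tell a recreated address from the original one, is sketched below. This is an added example, not code from the article, Trufflesecurity or any named app. It assumes the app has already verified the Google ID token and stored the OpenID Connect `sub` identifier at first login; the account store, function names and all sample values are constructed.

```python
from dataclasses import dataclass


@dataclass
class Account:
    email: str
    domain: str
    google_sub: str  # assumption: app recorded the OIDC `sub` at first login


def login_by_email(accounts, claims):
    """The check the article describes: matching domain + email is enough."""
    acct = accounts.get(claims["email"].lower())
    if acct and acct.domain == claims.get("hd"):
        return "allow"
    return "deny"


def login_with_sub_check(accounts, claims):
    """Same lookup, but a known email backed by a different Google
    account (different `sub`) is held for review instead of logged in."""
    acct = accounts.get(claims["email"].lower())
    if acct is None or acct.domain != claims.get("hd"):
        return "deny"
    if acct.google_sub != claims["sub"]:
        return "review"
    return "allow"


# Constructed data: an account created while the company still existed.
ACCOUNTS = {
    "alice@example-startup.test": Account(
        "alice@example-startup.test", "example-startup.test", "1000000001"
    )
}

# Constructed, already-verified ID token claims.
# ORIGINAL is the real employee; RECREATED is the same address set up
# again after the domain changed hands, so Google issues a new `sub`.
ORIGINAL = {"email": "alice@example-startup.test",
            "hd": "example-startup.test", "sub": "1000000001"}
RECREATED = {"email": "alice@example-startup.test",
             "hd": "example-startup.test", "sub": "2000000002"}

if __name__ == "__main__":
    for name, claims in (("original", ORIGINAL), ("recreated", RECREATED)):
        print(name, login_by_email(ACCOUNTS, claims),
              login_with_sub_check(ACCOUNTS, claims))
```

With the email-only check both logins are allowed; with the `sub` comparison the recreated address is routed to review.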
Unfortunately, when this vulnerability was first reported, Google blamed the companies for not properly deleting their data. However, after Trufflesecurity demoed the attack at Shmoocon (which you can see in the video above at the 5:34:00 mark), Google had to reconsider.
In the meantime, if you used 'Sign In With Google' while working for a company that has since gone out of business, your data could be compromised. Keep track of your details and be prepared to fix the problem if you notice a data breach. And even if you never use the handy sign-in feature while working, there are plenty of reasons why you shouldn't use 'Sign In With Google' on any website ever again.