Using the 'Sign In With Google' option is risky and there is currently no workaround
Logging into a website using the "Sign In With Google" option is so convenient that you've probably used it hundreds of times. However, researchers have found that using this feature as an employee of a business can put you at risk of having your privacy violated, and worse, there's no fix yet.
The "Sign In With Google" feature leaves traces of previous users in the domain
A vulnerability has been discovered in Google's OAuth system that affects anyone who worked for a now-defunct company that allowed its employees to use the "Sign In With Google" login, Truffle Security reports.
The problem here is that when you are an employee of a company and you use the 'Sign In With Google' feature to log in to an app like Slack with your business account, the app gets two pieces of data: the domain and the email address. If the app gets both of these pieces of data, it will let the user log in.
The 'domain' portion is the business domain name, which tells the app that you're an employee of that particular company. However, if the company goes out of business, a bad actor could purchase and take ownership of the unused domain. If the business doesn't 'clean up' properly before closing, the bad actor could recreate employee email addresses and use them to log into third-party services.
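The login decision described above, as an added example that is not from the article or from Truffle Security: it compares an app that trusts domain and email alone with one that also binds the account to the `sub` claim, which Google's OpenID Connect documentation describes as the unique, never-reused identifier for a Google account. The account store, the claim values and the assumption that the app saved `sub` at first login are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Account:
    email: str
    hd: str          # Workspace domain seen at first login
    google_sub: str  # "sub" claim stored at first login (assumed to be kept)

# Constructed account store and ID-token claims (signature already verified).
ACCOUNTS = {
    "alice@defunct.example": Account("alice@defunct.example", "defunct.example", "sub-1001"),
}
ORIGINAL_LOGIN = {"email": "alice@defunct.example", "hd": "defunct.example", "sub": "sub-1001"}
# Same address recreated under a new owner of the domain: new Google identity.
RECREATED_LOGIN = {"email": "alice@defunct.example", "hd": "defunct.example", "sub": "sub-2002"}

def login_by_email_and_domain(claims):
    """The check the article describes: domain and email decide the login."""
    account = ACCOUNTS.get(claims.get("email"))
    if account and claims.get("hd") == account.hd:
        return account
    return None

def login_bound_to_sub(claims):
    """Also require the Google identity that first created the account."""
    account = login_by_email_and_domain(claims)
    if account is None:
        return None, "unknown email or domain"
    if claims.get("sub") != account.google_sub:
        # Same mailbox name, different Google user: hold for re-verification.
        return None, "identity changed for " + account.email
    return account, "ok"

if __name__ == "__main__":
    for name, claims in (("original", ORIGINAL_LOGIN), ("recreated", RECREATED_LOGIN)):
        weak = login_by_email_and_domain(claims) is not None
        account, reason = login_bound_to_sub(claims)
        print(f"{name}: email+domain={weak} sub-bound={account is not None} ({reason})")
```

Logging the "identity changed" outcome also gives the service a signal that an address on a customer domain is now backed by a different Google account.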
Fortunately, the bad guys couldn't get into the company's old Gmail account and read their emails, but Truffle Security found that it could access former employees' accounts on ChatGPT, Slack, Notion, Zoom, HR systems, and more. And while all of these accounts can store sensitive data, HR systems are the most dangerous because they contain information like social security numbers and banking information.
Unfortunately, when this vulnerability was first reported, Google blamed the companies for not properly deleting their data. However, after Truffle Security demoed the attack at Shmoocon (which you can see in the video above at the 5:34:00 mark), Google had to reconsider.
In the meantime, if you used 'Sign In With Google' while working for a company that has since gone out of business, your data could be compromised. Keep track of your details and be prepared to fix the problem if you notice a data breach. And even if you never use the handy sign-in feature while working, there are plenty of reasons why you shouldn't use 'Sign In With Google' on any website ever again.