techminis

A naukri.com initiative

google-web-stories
source image

Kaspersky

4w

read

317

img
dot

Image Credit: Kaspersky

Google OAuth: abandoned domains attack | Kaspersky official blog

  • Using Google OAuth ('Sign in with Google') to authenticate to corporate services can open security holes, notably phantom accounts and abandoned-domain attacks.
  • Google OAuth authentication primarily proves that the user controls an email address within the organization's Google Workspace; many services rely on that address instead of the unique 'sub' identifier that Google recommends for account matching.
  • Attackers can exploit an abandoned domain by registering it, creating email addresses within that domain, and then gaining unauthorized access to the corporate services that the defunct company had used with 'Sign in with Google'.
  • Through the defunct company's services, attackers can retrieve confidential information, which poses a significant risk to the privacy and security of former employees' data.
  • Around 50% of startups use Google Workspace, so potentially millions of accounts are susceptible to this attack.
  • A researcher discovered the vulnerability and reported it to Google, eventually receiving recognition and a reward for the finding.
  • Google has been informed of the issue but has not yet provided a clear timeline or solution for the problem with Google OAuth authentication.
  • Preventive measures for companies include using traditional login methods, enabling two-factor authentication, and properly deleting the Workspace when the company ceases operations.
  • Startups and other organizations are advised to address security weaknesses such as the Google OAuth abandoned-domain attack proactively.
  • Companies should weigh the security implications of using 'Sign in with Google' and take the necessary steps to protect sensitive data and prevent unauthorized access.
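The second and third bullets describe the root cause: the relying service matches accounts on the email address, which a new owner of the domain can recreate, rather than on the token's stable 'sub' claim. The following is an added illustration of the recommended check, not code from Kaspersky or Google; the domain, account rows and ID-token claims are constructed, and signature, issuer, audience and expiry validation is assumed to have been done already by an OIDC library.

```python
# Added example: resolve a corporate account from already-verified Google
# ID-token claims, keyed on the stable 'sub' identifier rather than the
# email address, so a re-registered domain cannot revive old accounts.
from dataclasses import dataclass
from typing import Optional

ALLOWED_HD = "example-startup.com"  # assumed Workspace domain (placeholder)


@dataclass
class Account:
    account_id: str
    email: str
    google_sub: Optional[str]  # None for legacy rows that were linked by email only


def resolve_account(claims: dict, accounts: list[Account]) -> tuple[str, Optional[Account]]:
    """Return (decision, account). Token signature/iss/aud/exp are assumed checked."""
    if claims.get("hd") != ALLOWED_HD or not claims.get("email_verified"):
        return "reject: wrong domain or unverified email", None
    sub = claims.get("sub")
    email = claims.get("email", "").lower()
    if not sub:
        return "reject: missing sub", None
    by_sub = next((a for a in accounts if a.google_sub == sub), None)
    if by_sub is not None:
        return "login", by_sub  # stable Google identity matches: normal sign-in
    by_email = next((a for a in accounts if a.email.lower() == email), None)
    if by_email is None:
        return "no account", None  # do not auto-provision on first sight
    if by_email.google_sub is None:
        # Legacy row linked by email only: never bind a new sub silently.
        return "step-up: confirm ownership before linking sub", by_email
    # Same address, different Google identity: the abandoned-domain pattern.
    return "reject: email reused by a different Google identity", None


# Constructed sample data: one sub-linked account and one legacy email-only row.
SAMPLE_ACCOUNTS = [
    Account("acct-1", "alice@example-startup.com", "100000000000000000001"),
    Account("acct-2", "bob@example-startup.com", None),
]
SAMPLE_TOKENS = {  # constructed claim sets, as an OIDC library would return them
    "alice_real": {"hd": ALLOWED_HD, "email_verified": True,
                   "sub": "100000000000000000001", "email": "alice@example-startup.com"},
    "alice_squat": {"hd": ALLOWED_HD, "email_verified": True,
                    "sub": "999999999999999999999", "email": "alice@example-startup.com"},
    "bob_legacy": {"hd": ALLOWED_HD, "email_verified": True,
                   "sub": "100000000000000000002", "email": "bob@example-startup.com"},
}


def demo() -> dict:
    """Decision per sample token; useful to eyeball which path each one takes."""
    return {k: resolve_account(v, SAMPLE_ACCOUNTS)[0] for k, v in SAMPLE_TOKENS.items()}
```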
