MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
google
Search

Employees of Failed Startups Are at Special Risk of Stolen Personal Data Through Old Google Logins

Monday January 20, 2025. 08:30 PM , from Slashdot
Employees of Failed Startups Are at Special Risk of Stolen Personal Data Through Old Google Logins
Hackers could steal sensitive personal data from former startup employees by exploiting abandoned company domains and Google login systems, security researcher Dylan Ayrey revealed at ShmooCon conference. The vulnerability particularly affects startups that relied on 'Sign in with Google' features for their business software.

Ayrey, CEO of Truffle Security, demonstrated the flaw by purchasing one failed startup's domain and accessing ChatGPT, Slack, Notion, Zoom and an HR system containing Social Security numbers. His research found 116,000 website domains from failed tech startups currently available for sale. While Google offers preventive measures through its OAuth 'sub-identifier' system, some providers avoid it due to reliability concerns - which Google disputes. The company initially dismissed Ayrey's finding as a fraud issue before reversing course and awarding him a $1,337 bounty. Google has since updated its documentation but hasn't implemented a technical fix, TechCrunch reports.

Read more of this story at Slashdot.
Read more at Slashdot
https://it.slashdot.org/story/25/01/20/1857213/employees-of-failed-startups-are-at-special-risk-of-s...

Related News

google HPE Investigating Breach Claims After Hacker Offers To Sell Data SlashdotJan 21
startups Authors Seek Meta's Torrent Client Logs and Seeding Data In AI Piracy Probe SlashdotJan 21
failed Make computing personal again BoingBoingJan 20
data How to Use Parental Controls in Your Google, Apple, and Microsoft Accounts Wired: Tech.Jan 20
through Google Upgrades Open Source Vulnerability Scanning Tool with SCA Scanning Library SlashdotJan 19
personal NATO Will Deploy Unmanned Vessels to Protect Baltic Sea Cables - Plus Data-Assessing AI SlashdotJan 18
employees Google begins requiring JavaScript for Google Search OS NewsJan 18
security Google Reports Halving Code Migration Time With AI Help SlashdotJan 18
ayrey Google announces it’s going to intentionally violate EU law OS NewsJan 18
domains CEO of Chinese Smartphone Brand Honor Resigns Due To Personal Reasons SlashdotJan 17
its Google Begins Requiring JavaScript For Google Search SlashdotJan 17
company Microsoft follows Google with price bump, forced AI 365 bundles PC WorldJan 17
system Google’s password manager is finally adding a “delete all data” button PC WorldJan 17
old Copilot invades Microsoft 365 Personal and Family for an extra three bucks a month TheRegisterJan 17
stolen GM Banned From Selling Your Driving Data For Five Years SlashdotJan 17
google TikTok, AliExpress, Temu and more hit with GDPR complaints over unlawful data transfers to China BetaNewsJan 17
startups Google Won't Add Fact Checks Despite New EU Law SlashdotJan 17
failed Here’s how Google is using LLMs for complex internal code migrations InfoWorldJan 17
data Google Strikes World's Largest Biochar Carbon Removal Deal SlashdotJan 17
through Google rolls out Vertex AI RAG Engine InfoWorldJan 17
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Jan, Tue 21 - 05:20 CET