Google’s OAuth login doesn’t prevent someone from buying a failed startup’s domain name and recreating email accounts used by former employees. Although old email data isn’t accessible, those accounts can be used to log into various SaaS products the organization used.
This security flaw highlights two things: the importance of domain management, and Google’s own failure to disassociate expired or dropped domains from its OAuth product.
Here are some fascinating facts:
- 6 million Americans currently work for tech startups.
- 90% of tech startups eventually fail.
- 50% of those startups rely on Google Workspace for email.
A security researcher acquired a domain previously used by a failed startup and used it to authenticate his access to other domains. Google’s initial response was that the system works “as expected.” Eventually, they acknowledged the issue.
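For a SaaS application on the receiving end of the login described above, here is an added example (not from the original article or from Google) that binds each local account to the ID token's `sub` claim instead of the email address. It assumes a mailbox recreated under a re-registered domain arrives with a different `sub`; the `AccountStore` class and all sample values are hypothetical.

```python
# Added example: SaaS-side account binding keyed on the Google `sub` claim.
# Assumes the ID token signature, audience and expiry were already verified.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


class AccountStore:
    """Hypothetical in-memory store; a real service would use its database."""

    def __init__(self):
        self.account_by_sub = {}   # Google subject id -> local account id
        self.sub_by_email = {}     # lower-cased email -> subject id first seen

    def login(self, claims):
        """Return (decision, detail) for one set of verified ID token claims."""
        if claims.get("iss") not in GOOGLE_ISSUERS:
            return ("reject", "unexpected issuer")
        if claims.get("email_verified") is not True:
            return ("reject", "email not verified")
        sub, email = claims["sub"], claims["email"].lower()

        if sub in self.account_by_sub:            # known Google account
            return ("allow", self.account_by_sub[sub])

        known_sub = self.sub_by_email.get(email)
        if known_sub is not None and known_sub != sub:
            # Same address, different Google account: the mailbox was
            # recreated, for example after the domain changed hands.
            return ("reject", "email already bound to another subject")

        account_id = "acct-%d" % (len(self.account_by_sub) + 1)
        self.account_by_sub[sub] = account_id
        self.sub_by_email[email] = sub
        return ("allow", account_id)


def demo():
    # Constructed claims; the domain and subject ids are placeholders.
    original = {"iss": "https://accounts.google.com", "sub": "1000000001",
                "email": "alice@defunct-startup.example",
                "hd": "defunct-startup.example", "email_verified": True}
    recreated = dict(original, sub="2000000002")  # new owner, same address
    store = AccountStore()
    return [store.login(original), store.login(original), store.login(recreated)]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

A rejected login of this kind is also worth logging as a detection signal, since it marks an address that now resolves to a different Google account.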
Read a more technical analysis of this vulnerability that involves the acquisition of expired or dropped domain names used by defunct startups.
Copyright © 2025 DomainGang.com · All Rights Reserved.