
Title: Employees of failed startups are at special risk of stolen personal data through old Google logins
As reported by TechCrunch, employees who worked for failed startups may be more vulnerable to having their personal data stolen due to unused or forgotten Google account login credentials. This revelation highlights a concerning security issue that has not been addressed by Google.
The vulnerability was discovered by researcher Dylan Ayrey, who found that when a company shuts down its Google Workspace services, it does not automatically disable the sub-identifier for those accounts. This means that even after a startup closes its doors, employees may still have access to their work email accounts and potentially sensitive data.
Ayrey initially reported the bug to Google, which at first dismissed his findings as a “fraud” issue. However, after Ayrey presented his research at ShmooCon, Google reopened the ticket and awarded him a $1,337 bounty.
While Google has updated its documentation to advise cloud providers on how to use the sub-identifier properly, it remains unclear if the company will take steps to address this issue in its OAuth software.
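The sketch below shows what keying accounts on the sub-identifier looks like on the side of a service that accepts Google sign-in. It is an added example, not code from the TechCrunch report, Ayrey's research or Google's documentation. `AccountStore`, `resolve_login` and the sample claims are hypothetical, and the token's signature, issuer, audience and expiry are assumed to have been verified before this code runs.

```python
from dataclasses import dataclass, field


@dataclass
class AccountStore:
    # (iss, sub) -> account id; hypothetical in-memory stand-in for a user table
    by_subject: dict = field(default_factory=dict)
    # email -> account id, kept only to notice a reused address
    by_email: dict = field(default_factory=dict)

    def enroll(self, claims, account_id):
        self.by_subject[(claims["iss"], claims["sub"])] = account_id
        self.by_email[claims["email"].lower()] = account_id


def resolve_login(store, claims):
    """Return (decision, account_id) for an already verified set of ID token claims."""
    key = (claims["iss"], claims["sub"])
    if key in store.by_subject:
        return ("allow", store.by_subject[key])
    email = claims.get("email", "").lower()
    if email in store.by_email:
        # Same address, different subject: this is not the identity that
        # enrolled, so it is not attached to the existing account.
        return ("review", None)
    return ("new_user", None)


# Constructed sample claims (not real tokens or real accounts).
ISS = "https://accounts.google.com"
ORIGINAL = {"iss": ISS, "sub": "1000000000000000001",
            "email": "alice@defunct-startup.example"}
RECREATED = {"iss": ISS, "sub": "1000000000000000002",
             "email": "alice@defunct-startup.example"}
UNKNOWN = {"iss": ISS, "sub": "1000000000000000003",
           "email": "bob@other.example"}


def demo():
    store = AccountStore()
    store.enroll(ORIGINAL, "acct-42")
    return [resolve_login(store, c) for c in (ORIGINAL, RECREATED, UNKNOWN)]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

A lookup keyed on the email address alone would have returned `acct-42` for the second login as well.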
Source: techcrunch.com