NVK on Nostr: "Login with Google" Pwn, boy this will be probably one of the biggest hacks in ...
"Login with Google" Pwn, boy this will be probably one of the biggest hacks in history...
AFAIK, attackers were able to fool google into thinking they owned your domain, some DNS attack or business logic flaw. Then signup for google workspace with your domain, then go and login into any service that had "Login with Google"...
That's as thirsty one
DNS is a shitcoin too.
Seeing some reports on twitter that seems to validate this. No public comms yet.
AFAIK, attackers were able to fool google into thinking they owned your domain, some DNS attack or business logic flaw. Then signup for google workspace with your domain, then go and login into any service that had "Login with Google"...
That's as thirsty one
DNS is a shitcoin too.
Seeing some reports on twitter that seems to validate this. No public comms yet.