Abandoned Online Domains Unlock Services With Google OAuth

A security researcher, Dylan Ayrey, discovered that abandoned online domains could be used to access sensitive information from third-party services. The issue arises from Google’s use of domain ownership and email addresses as authentication methods, which allows access to services like Slack and HR platforms. Google maintains that the problem lies with third-party services using email identifiers instead of unique ID tokens.