"Login with Google" Pwn, boy this will be probably one of the biggest hacks in history...
AFAIK, attackers were able to fool google into thinking they owned your domain, some DNS attack or business logic flaw. Then signup for google workspace with your domain, then go and login into any service that had "Login with Google"...
That's as thirsty one
DNS is a shitcoin too.
Seeing some reports on twitter that seems to validate this. No public comms yet.
NVK / -. ...- -.-
npub1az…am8y8
2024-07-18 18:07:52
Author Public Key
npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8Published at
2024-07-18 18:07:52Event JSON
{
"id": "091a363cf5b71ee17cd98d55698e4cf578db57a7655ac73f2aa005b06ffd9ca5",
"pubkey": "e88a691e98d9987c964521dff60025f60700378a4879180dcbbb4a5027850411",
"created_at": 1721318872,
"kind": 1,
"tags": [],
"content": "\"Login with Google\" Pwn, boy this will be probably one of the biggest hacks in history...\n\nAFAIK, attackers were able to fool google into thinking they owned your domain, some DNS attack or business logic flaw. Then signup for google workspace with your domain, then go and login into any service that had \"Login with Google\"...\n\nThat's as thirsty one\n\nDNS is a shitcoin too.\n\nSeeing some reports on twitter that seems to validate this. No public comms yet.",
"sig": "8dc0132022ed5c9b6628d7c7ca537aeb849535795ceeacfd69ae5a1f980ca4aed73300836929a18cf0c60607217e62e52ced6aa2cbd714e49f4301b3a0869066"
}