Millions of Accounts Vulnerable due to Google’s OAuth Flaw ◆ Truffle Security Co.
Millions of Americans can have their data stolen right now because of a deficiency in Google’s “Sign in with Google” authentication flow. If you’ve worked for a startup in the past - especially one that has since shut down - you might be vulnerable.

I demonstrated this flaw by logging into accounts I didn’t own, and Google responded that this behavior was ‘working as intended’.

The Root Cause: How Domain Ownership and OAuth Intersect

Here’s the problem: Google’s OAuth login doesn’t protect against ...
Read more at trufflesecurity.com