Google SSO misconfiguration leading to Account Takeover

4 min readOct 14, 2022

I’m a technical guy. However, this post doesn’t contain any technical details (but that’s because this bug doesn’t require any).
I need to admit it: finding this bug was pure luck.
No skill was involved at all.

Account Takeover representation by Dall-E

Some context…

A couple of weeks ago, a client for whom I worked last year called me because he needed some help describing the service we developed for him. He was going to sell the company and was being asked for the technical details.

There was an explicit requirement that would have forced me to examine all the code and search for specific information, but I was feeling too lazy to do that. So I thought about my options:

  • Either I spend the next two hours examining every line of code…
  • Or I can search for an online tool that does the job for me! 🎉

We all know how this ends. You end up wasting your time looking for a service and getting nothing done. I could have spent my time doing it manually.

Lucky me, I tried searching for a tool instead.

Discovering the bug

I remembered I used a webpage about 3 years ago that had a similar feature, so I decided to investigate.

Once I logged in, I was expecting to find my previous projects, but they were all missing. Instead, many “random” GitHub repositories were attached to my account. They were from a big, known company… And they were not Open Source, I can tell you that. 😝

Why do I never get permission for publishing the name of these companies?
It doesn’t matter how do I argue with them, they’ll always want to keep it secret.

I guess that’s why I work in computer science and not in politics.
Zero persuassion techniques😅

Suddenly, I realized that that was not my account. I went to the settings page and saw a different email. I didn’t even know how did I manage to log in to their account.

Let’s try to do it again”, my mind said. Open a new Chrome profile, go to the webpage, log in using Google… Again. I’m in their account.


Bug Bounty Hunter, Full-Stack Web Developer & Tech Team Leader