Google SSO misconfiguration leading to Account Takeover

Oct 14, 2022

I’m a technical guy. However, this post doesn’t contain any technical details (but that’s because this bug doesn’t require any).
I need to admit it: finding this bug was pure luck.
No skill was involved at all.

Account Takeover representation by Dall-E

Some context…


