Earlier today, we were contacted by a security researcher to inform us of a potential vulnerability in our 'Sign in with Google' feature.
This flaw could allow an attacker to hijack the OAuth login process by opening our login page in a controlled environment, redirecting users to the attacker's own OAuth application instead of ours.
This effectively left customers more exposed to a phishing-style attack; however, we don't believe anyone has ever attempted to exploit this.
We have now added extra security headers to our server configuration that close this loophole, specifically the Cross-Origin Opener Policy header.
If you have any additional questions, please don't hesitate to let us know.
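As an added illustration of the fix described above (not the service's own code), the following checks a server's response headers for a Cross-Origin-Opener-Policy value that severs the opener link between a login page and a cross-origin window that opened it. The sample responses are constructed, and the `same-origin-allow-popups` value is an assumption, since the notice does not state which directive was deployed.

```python
"""Audit HTTP response headers for a Cross-Origin-Opener-Policy (COOP) value.

A page served with COOP same-origin or same-origin-allow-popups is placed in
its own browsing context group, so a cross-origin window that opened it loses
its handle and can no longer navigate it elsewhere. Added example, not the
status page's own code; the sample responses below are constructed.
"""

# COOP values that isolate the document from a cross-origin opener.
# same-origin-allow-popups (assumed here) still lets the login page open and
# talk to its own OAuth popup, which is why it is common for sign-in pages.
COOP_ISOLATING = {"same-origin", "same-origin-allow-popups"}


def parse_headers(raw: str) -> dict:
    """Parse a raw HTTP/1.1 response header block into a lower-cased dict."""
    lines = raw.split("\r\n")[1:]          # drop the status line
    headers = {}
    for line in lines:
        if not line:                       # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def coop_status(headers: dict) -> str:
    """Return 'isolated', 'missing' or 'unsafe' for the COOP header."""
    value = headers.get("cross-origin-opener-policy")
    if value is None:
        return "missing"
    # Only the directive token matters; parameters such as report-to are ignored.
    token = value.split(";", 1)[0].strip().lower()
    # Unrecognised values are treated by browsers as unsafe-none.
    return "isolated" if token in COOP_ISOLATING else "unsafe"


# Constructed responses: a login page before and after the COOP header was added.
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Content-Type: text/html\r\n"
          "X-Frame-Options: DENY\r\n\r\n")
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Content-Type: text/html\r\n"
         "Cross-Origin-Opener-Policy: same-origin-allow-popups\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(f"{label}: COOP {coop_status(parse_headers(raw))}")
```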