Google's OAuth Flaw Risks Millions of Accounts: A security issue allows anyone purchasing domains of defunct startups to access former employee accounts across various SaaS platforms, compromising sensitive data. Despite the risk affecting potentially over 10 million accounts, Google marks it as “won't fix” initially but later reopens the issue after a researcher’s talk. Proposed solutions include adding immutable identifiers to improve user security. Until addressed, many remain vulnerable to misuse of their accounts.
https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw