CP
cyberpings
VulnerabilitiesHIGH

Google Looker Studio Vulnerabilities - Data Exfiltration Risk

CSCyber Security News
Google Looker StudioLeakyLookerSQL InjectionTenableGoogle Cloud
🎯

Basically, hackers found ways to steal data from Google services without permission.

Quick Summary

A set of vulnerabilities in Google Looker Studio, named 'LeakyLooker', allowed data exfiltration and SQL execution without user consent. Google has patched these issues, but users should audit their access.

What Happened

A set of nine vulnerabilities in Google Looker Studio, collectively known as LeakyLooker, was discovered by Tenable researchers. These vulnerabilities allowed attackers to run arbitrary SQL queries and exfiltrate sensitive data from Google Cloud environments. This was possible without victims granting explicit permission, raising significant security concerns. Google has since fully remediated all identified issues following responsible disclosure.

Google Looker Studio, previously known as Data Studio, is a cloud-based platform that connects to various data sources to create shareable reports. However, its architecture, which relies on a permission-sharing model similar to Google Docs, became a security weakness. The vulnerabilities stem from how Looker Studio handles authentication, leading to two exploitable attack paths.

Who's Affected

The vulnerabilities primarily affect users of Google Looker Studio who connect their reports to databases such as BigQuery, PostgreSQL, and MySQL. Any organization relying on this platform for data visualization and reporting could potentially be at risk. Although there is no evidence that these vulnerabilities were exploited in the wild, the implications for data security are significant, especially for businesses managing sensitive information.

What Data Was Exposed

The vulnerabilities allowed attackers to access and manipulate data across various Google Cloud environments. For instance, attackers could execute arbitrary SQL commands, potentially leading to the deletion or modification of records. The most severe vulnerability allowed attackers to bypass Google’s input filters, which could result in full SQL execution across the report owner's entire Google Cloud project. This means sensitive data could have been extracted without the owners' knowledge.

What You Should Do

Organizations using Google Looker Studio should take immediate action to ensure their data security. Here are some recommended steps:

  • Audit user access: Review all users with 'View' access to Looker Studio reports, both public and private.
  • Revoke unnecessary access: Remove access for any data source connectors that are no longer in active use.
  • Follow Google’s guidelines: Refer to Google’s documentation to review and restrict Looker Studio’s access to connected services.

By taking these precautions, organizations can better protect their data and minimize risks associated with these vulnerabilities.

🔒 Pro insight: The LeakyLooker vulnerabilities highlight critical flaws in cross-tenant data access, necessitating a review of authentication models in cloud services.

Original article from

Cyber Security News · Guru Baran

Read Full Article

Share

Related Pings

HIGHVulnerabilities

IBM Security Advisory - Critical Vulnerabilities Addressed

IBM has issued a security advisory for critical vulnerabilities in various products. Users must update their systems to protect against potential exploits. This is crucial for maintaining data security and operational integrity.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Vulnerabilities - NinjaOne Launches Autonomous Patching Solution

NinjaOne has launched a new Vulnerability Management solution. This tool helps IT teams quickly identify and fix vulnerabilities in real-time. By automating patching, organizations can reduce risk and improve security efficiency without disrupting user productivity.

Help Net Security·
HIGHVulnerabilities

Dell Vulnerabilities - Security Advisory Released March 2026

Dell has issued a security advisory for vulnerabilities in several products. Users of Dell Avamar, Connectrix, and PowerSwitch must update their systems. This is crucial to prevent potential data breaches and maintain security.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

CrackArmor Vulnerabilities - Exposing Linux Systems to Risks

New vulnerabilities in AppArmor could let local users gain root access on Linux systems. Millions of systems are at risk, making immediate patching essential to prevent exploitation.

Infosecurity Magazine·
HIGHVulnerabilities

Vulnerabilities - Microsoft Removes Samsung App Causing Issues

Microsoft has removed the Samsung Galaxy Connect app from its Store due to critical access issues on Windows 11. Users are unable to access their C: drive, affecting productivity. Microsoft and Samsung are working on a fix, but recovery options are limited for impacted devices.

BleepingComputer·
HIGHVulnerabilities

AWS Bedrock Vulnerability - DNS Exfiltration Risk Exposed

A serious vulnerability in AWS Bedrock's Code Interpreter allows data exfiltration via DNS queries. This affects cloud security for many organizations. Immediate action is needed to mitigate risks.

Infosecurity Magazine·