A group of nine new cross-tenant vulnerabilities in Google Looker Studio, known as "LeakyLooker," could have let attackers run any SQL query, steal sensitive data, and even change or delete records across Google Cloud environments without the victims' permission. After responsible disclosure, Google has fixed all of the problems that were found.
Google Looker Studio (formerly Data Studio) is a cloud-based business intelligence and data visualization platform that can connect to live data sources like BigQuery, Google Sheets, Spanner, PostgreSQL, MySQL, and Cloud Storage to make reports that can be shared right away. It is built on Google Cloud infrastructure and uses a permission-sharing model like Google Docs, where reports can be viewed by people who have the right credentials or by anyone who has a public link.
This "live data" architecture, while strong, was the platform's biggest security flaw.

Patch Status and Fixes

There is no evidence that these weaknesses were exploited in the real world. Because Looker Studio is a fully managed Google service, the patches were rolled out globally, and customers don't have to do anything to fix the problem.
Still, security teams should do the following:

- Check all users who can "View" Looker Studio reports, whether they are public or private.
- Consider BI platform connectors to be a key part of your attack surface.
- If you aren't using a data source connector anymore, take away its access.
- Use Google's instructions to check and limit Looker Studio's access to Google services that are connected to it.