Storing files in the cloud means placing a huge amount of trust in the host, and that it’s keeping its security in top shape. Unfortunately, that doesn’t seem to have been the case with Google Workspace, according to a new report from security experts.
Apparently, there’s an exploit that could allow hackers to steal Google Drive files and get away without a trace.
Researchers from Mitiga Security have published their findings on this exploit, which relates to whether you’ve paid for a Google Workspace license or not. Evidently usage logs are only kept if you’re paying for the service, and if you’re not then there’s no record of what’s been going on in your supposedly-private Drive space.
So, should any bad actors manage to compromise a Google Workspace account, they could then revoke this license. Once the account is officially “Cloud Identity Free”, they are able to do as they please without there being any record of what’s been happening.
Mitiga claims to have notified Google of the issue, though the company apparently hasn’t responded. Hopefully it's actually figuring out a solution to the problem, because it’s a pretty serious one to have.
More from Tom's Guide
