Google Workspace exploit could let hackers steal your files without leaving any trace

Google storage
(Image credit: Shutterstock)

Storing files in the cloud means placing a huge amount of trust in the host, and that it’s keeping its security in top shape. Unfortunately, that doesn’t seem to have been the case with Google Workspace, according to a new report from security experts. 

Apparently, there’s an exploit that could allow hackers to steal Google Drive files and get away without a trace.

Researchers from Mitiga Security have published their findings on this exploit, which relates to whether you’ve paid for a Google Workspace license or not. Evidently usage logs are only kept if you’re paying for the service, and if you’re not then there’s no record of what’s been going on in your supposedly-private Drive space.

So, should any bad actors manage to compromise a Google Workspace account, they could then revoke this license. Once the account is officially “Cloud Identity Free”, they are able to do as they please without there being any record of what’s been happening. 

Mitiga claims to have notified Google of the issue, though the company apparently hasn’t responded. Hopefully it's actually figuring out a solution to the problem, because it’s a pretty serious one to have.

As TechRadar Pro points out, knowing what files have been compromised and taken during a data breach is essential. Knowing what data was taken means victims can be better informed about the risks of identity theft, fraud or other similar consequences. Without proper logs it’s impossible to make those kinds of judgments.

It’s true that the problem doesn’t make it any easier for threat actors to access your Google Workspace account in the first place. But once they’re in it means those hackers can do whatever they like, safe in the knowledge there will be no record of it.

That means it’s all the more important to make sure your account is kept safe and secure — keeping those ne’er-do-wells out of your private data. That means making sure 2-step verification is activated, and that you have a strong password. Or better still, learn how to use passkeys with your Google account for better security.

More from Tom's Guide

Tom Pritchard
UK Phones Editor

Tom is the Tom's Guide's UK Phones Editor, tackling the latest smartphone news and vocally expressing his opinions about upcoming features or changes. It's long way from his days as editor of Gizmodo UK, when pretty much everything was on the table. He’s usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining about how terrible his Smart TV is.