No Free Rides With Your OAuth Tokens


It’s just another typical Wednesday in May. You’ve received an email from one of your contacts, someone with whom you haven’t spoken in years. They’ve shared a Google Doc with you. It seems a bit odd, but you’re curious, so you click on the “Open in Docs” button. You’re prompted to allow “Google Docs” the ability to read, send, delete, and manage your email — and also manage your contacts. Your ‘spidey senses’ begin to tingle and you pump the brakes.

Remember this one? It was 2017 and 1 million Gmail users were impacted by this phishing attack. Google responded promptly and was able to stop the campaign in approximately an hour. At the time, this was a unique phishing attack vector, and rather than focusing on user credentials, it targeted OAuth tokens.

These attack vectors have continued to increase in popularity and frequency. Illicit consent grants have been seen across Microsoft O365 and Azure AD ecosystems. Note that if you’re a Microsoft shop, you can read more about their recommendations for detection and remediation here. More recently, Git analytics firm Waydev was the victim of one of these types of attacks. OAuth tokens for GitHub and GitLab belonging to two of the firm’s clients were stolen, resulting in compromised codebases and source code. Suffice it to say, this is likely not the last time we will see these unfortunate headlines.
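The common thread in the incidents above is an application that a user consented to, rather than a password that was stolen, so detection starts with the consent grants themselves. The audit below is an added example, not AppOmni’s code or any vendor’s API: it walks a list of consented third-party applications and flags the indicators the 2017 campaign exhibited (a third-party client named like a first-party product, mailbox and contacts scopes on an unverified publisher, the read-contacts-plus-send-mail combination that lets a lure spread, and a burst of consents in a short window). The grant records, the provider-neutral scope labels, and the threshold are constructed for illustration; a real audit would pull grants from the identity provider’s admin API and match on its actual scope URIs.

```python
"""Audit a tenant's OAuth consent grants for signs of an illicit consent grant.

Added example, not AppOmni's code. The grant records, scope labels and the
threshold below are constructed for illustration; a real audit would read
grants from the identity provider's admin API and use its scope URIs.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed, provider-neutral scope labels (real scope URIs differ per provider).
HIGH_RISK_SCOPES: Dict[str, str] = {
    "mail.read": "read mailbox",
    "mail.send": "send mail as the user",
    "mail.modify": "modify or delete mail",
    "contacts.readwrite": "manage contacts",
}

# Product names that only a verified first-party publisher should carry.
FIRST_PARTY_NAMES = {"google docs", "google drive", "gmail", "microsoft office", "outlook"}

# Constructed threshold: a new, unverified app collecting this many consents in a
# day looks like a campaign rather than organic adoption.
MASS_CONSENT_THRESHOLD = 50


@dataclass
class ConsentGrant:
    app_name: str
    client_id: str
    publisher_verified: bool
    scopes: List[str]
    users_granted_24h: int  # distinct users who consented in the last day


@dataclass
class Finding:
    client_id: str
    app_name: str
    reasons: List[str] = field(default_factory=list)

    @property
    def risk_score(self) -> int:
        return len(self.reasons)


def audit_grant(grant: ConsentGrant) -> Finding:
    """Return the indicators observed for one consented application."""
    finding = Finding(grant.client_id, grant.app_name)
    name = grant.app_name.strip().lower()

    # 1. Brand impersonation: a third-party client named like a first-party product.
    if name in FIRST_PARTY_NAMES and not grant.publisher_verified:
        finding.reasons.append(f"unverified publisher using first-party name {grant.app_name!r}")

    # 2. Over-privileged: mailbox or contacts scopes held by an unverified app.
    risky = sorted(s for s in grant.scopes if s in HIGH_RISK_SCOPES)
    if risky and not grant.publisher_verified:
        finding.reasons.append(
            "unverified app holds high-risk scopes: " + ", ".join(HIGH_RISK_SCOPES[s] for s in risky)
        )

    # 3. Read contacts plus send mail is the combination that lets a consented app
    #    forward the lure to every contact, which is how the 2017 campaign spread.
    if "contacts.readwrite" in grant.scopes and "mail.send" in grant.scopes:
        finding.reasons.append("can read contacts and send mail (self-propagation capable)")

    # 4. Mass consent in a short window for an unverified app.
    if grant.users_granted_24h >= MASS_CONSENT_THRESHOLD and not grant.publisher_verified:
        finding.reasons.append(f"{grant.users_granted_24h} consents in 24h for an unverified app")

    return finding


def audit(grants: List[ConsentGrant]) -> List[Finding]:
    """Return findings with at least one indicator, most indicators first."""
    findings = [audit_grant(g) for g in grants]
    return sorted((f for f in findings if f.risk_score), key=lambda f: -f.risk_score)


# Constructed sample grants: one shaped like the 2017 lure, two benign apps.
SAMPLE_GRANTS = [
    ConsentGrant("Google Docs", "client-phish-0001", False,
                 ["mail.read", "mail.send", "mail.modify", "contacts.readwrite"], 1200),
    ConsentGrant("Acme Expense Reporter", "client-acme-0002", True,
                 ["mail.send", "contacts.readwrite"], 3),
    ConsentGrant("Team Calendar Sync", "client-cal-0003", False, ["calendar.read"], 12),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_GRANTS):
        print(f"[{f.risk_score}] {f.app_name} ({f.client_id})")
        for reason in f.reasons:
            print("   -", reason)
```

Run as a script, the impersonating "Google Docs" client surfaces first with all four indicators, the verified expense app is listed once for the contacts-plus-send combination so a reviewer can confirm it is intended, and the calendar app produces no finding. The verified-publisher checks are deliberately separate from the scope-combination check: a verified app with worm-capable scopes still deserves a look, while a verified app with ordinary scopes should not generate noise.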

You may be thinking of all the systems and services that use OAuth in your environment — and the potential risks they pose to your organization.
