Experts reveal 'LeakyLooker' flaws let hackers gain access to user information in Google Looker Studio, so be on your guard

• Tenable uncovers nine Looker Studio flaws dubbed LeakyLooker
• Bugs enabled cross-tenant SQL injection and credential leaks
• Google patched all vulnerabilities; users urged to review report access

A series of nine vulnerabilities in Google Looker Studio can be used to run arbitrary SQL queries against target databases and pull sensitive data from people’s Google Cloud environments, experts have revealed.

Security researchers Tenable found the flaws, dubbed LeakyLooker, which exposed sensitive data across Google Cloud environments, affecting those who are using pretty much any Looker Studio data connector, including Google Sheets, PostgreSQL, MySQL, and others.

“Achieving full isolation while providing live data is a difficult task that can be flawed,” Tenable said in its findings, adding that the tool’s "Live Data" architecture, designed for real-time report updates, was a real Achilles' heel. “Attackers could exploit this through 0-click (no victim interaction) and 1-click (victim opens a malicious ...