{"id":222994,"date":"2026-03-11T12:00:00","date_gmt":"2026-03-11T16:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/11\/researchers-uncover-leakylooker-vulnerabilities-in-google-looker\/"},"modified":"2026-03-12T21:45:15","modified_gmt":"2026-03-13T01:45:15","slug":"researchers-uncover-leakylooker-vulnerabilities-in-google-looker","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/11\/researchers-uncover-leakylooker-vulnerabilities-in-google-looker\/","title":{"rendered":"Researchers Uncover \u2018LeakyLooker\u2019 Vulnerabilities in Google Looker"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/google-looker-studios-security-gaps\/\">Researchers Uncover \u2018LeakyLooker\u2019 Vulnerabilities in Google Looker<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/google-looker-studios-security-gaps\/\">https:\/\/www.infosecurity-magazine.com\/news\/google-looker-studios-security-gaps\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-11 12:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>A set of nine cross-tenant vulnerabilities in Google Looker Studio that could have enabled attackers to extract or manipulate sensitive cloud data has been uncovered by cybersecurity researchers.<\/p>\n<p>The flaws, collectively named LeakyLooker by\u00a0Tenable Research, affected the cloud-based business intelligence platform formerly known as Data Studio and potentially exposed data stored across several Google services.<\/p>\n<p>The issues could have enabled attackers to run arbitrary SQL queries against victims&#8217; databases and access datasets across different cloud tenants.<\/p>\n<p>Looker Studio is widely used to transform raw data into dashboards and visual reports. It connects to multiple data sources, including Google BigQuery, Google Sheets and other SQL databases. Because the platform integrates deeply with Google Cloud infrastructure, the researchers said it introduced an unusually broad attack surface.<\/p>\n<h2><strong>Two Separate Attack Paths<\/strong><\/h2>\n<p>Tenable researchers identified weaknesses in how Looker Studio handled authentication and data connectors. The platform allows reports to retrieve data using either the report owner&#8217;s credentials or those of the viewer, depending on configuration.<\/p>\n<p>According to the researchers, this architecture created two distinct attack paths that could be exploited by malicious actors.<\/p>\n<ul>\n<li>\n<p>0-click attacks targeting owner credentials: Attackers could trigger SQL queries executed with the report owner&#8217;s authentication through crafted server-side requests<\/p>\n<\/li>\n<li>\n<p>1-click attacks targeting viewer credentials: Victims could unknowingly run malicious SQL queries when opening a manipulated report or link<\/p>\n<\/li>\n<\/ul>\n<p>These attack techniques were enabled by several underlying vulnerabilities in the platform, including SQL injection flaws in database connectors, data leaks through report elements such as hyperlinks or rendered images and a denial-of-wallet issue affecting BigQuery resources.<\/p>\n<h2><strong>Potential Impact and\u00a0Google&#8217;s Response<\/strong><\/h2>\n<p>The vulnerabilities affected connectors used to link&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/google-looker-studios-security-gaps\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers Uncover \u2018LeakyLooker\u2019 Vulnerabilities in Google Looker https:\/\/www.infosecurity-magazine.com\/news\/google-looker-studios-security-gaps\/ Publish Date: 2026-03-11 12:00:00 Source Domain: www.infosecurity-magazine.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":222995,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/eaf17161-1aa8-41be-8d12-3f00475ef147.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-222994","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222994"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=222994"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222994\/revisions"}],"predecessor-version":[{"id":222996,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222994\/revisions\/222996"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/222995"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=222994"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=222994"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=222994"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}