LeakyLooker: Hacking Google Cloud's Data via Dangerous Looker Studio Vulnerabilities

Tenable Research uncovered nine critical cross-tenant vulnerabilities, dubbed "LeakyLooker," in Google Looker Studio, exposing organizations' data across BigQuery, Sheets, and other GCP connectors to exfiltration and manipulation. These flaws enabled attackers to exploit credential handling and SQL injection vectors to access, modify, or steal data with zero or one click, breaking established BI platform trust boundaries. Google has remediated all vulnerabilities.