The Segment
Posts
totally buggin’

totally buggin’

why employees of failed startups are at risk of stolen data

Amber Rhodes & Dillon Young
January 24, 2025 • Est. Reading Time: 8 minutes

In partnership with

Welcome to The Segment, a newsletter for customer-facing baddies who wanna talk shop and dish dirt about the latest in tech news. Was this email forwarded to you? Don't be shy, subscribe here.

TL;DR

A security researcher uncovered a super easy hack to steal employee info from failed startups. Find out how you can protect yourself.
What happens when everyone on your team is laid off…except for you?
Awww! Stripe ducks up termination notices in the cutest way possible.

ICYMI last week: You might be surprised by how many Americans don’t know they’re using AI-enabled tools every day.

Let's talk shop 🔧

via Reddit

This Google bug puts employees at risk of data theft

If you work at a small startup, please read this!

Getting laid off sucks. But getting laid off and having all your most sensitive data stolen? Nightmare.

Unfortunately, this isn’t just a hypothetical bad situation. This is a very real risk that security researcher, Dylan Ayrey, revealed at a security conference last week.

Here’s the gist of this bug 🪲

If hackers buy the domains of a failed startup, they could potentially use those domains to log in to cloud software and apps configured to allow anyone at that company domain to gain access.

(You know the “Sign in with Google” option you can use when you don’t want to have to remember a new password? Yeah, all of those accounts would be vulnerable to a breach.)

Once a hacker gets into these apps, they could find company directories and other user info that could uncover employees’ personal information.

And this isn’t just a theory! Ayrey tested it out himself by buying the domain of a failed startup, and…he was able to access their ChatGPT, Slack, Notion, Zoom, and Human Resources software, which still had Social Security number information.

😨😨😨

Why are small startups so vulnerable to this bug?

Actually, any failed company is vulnerable to this bug, but startups are especially at risk because they often use Google apps and cloud software for business needs.

What’s Google going to do about it?

Funnily enough, Google dismissed Ayrey’s bug report at first, calling it a “fraud” issue. But soon after Ayrey’s talk was accepted for the security conference, Google re-opened the ticket.

As of now, Google hasn’t issued a technical fix for the OAuth vulnerability and it’s not clear if they ever will. But Google did update its documentation directing people to use a “sub-identifier” as an added layer of security.

So how can employees know their data is safe?

According to Google, the best fix is to make sure founders properly disable all of their cloud services when they shut down company operations.

Losing a job due to a company shutdown is tough – but you don’t want the added stress of identity theft. Don’t be shy about raising your concerns about the security of your personal information!

🖥️ What else is happening in tech?

Multiple startup founders spent time rubbing shoulders with government leaders at Monday’s presidential inauguration parties to secure those sweet, sweet government contracts.
The White House announces a $500B AI infrastructure project in partnership with OpenAI, Oracle, and Softbank. Elon’s mad about it, though.
Is investing in SaaS hot again? Insights Partners raises $12.5B to invest in new tech bets.

SaaS Survivor

A team is reduced from 12 to 1.

What’s it like inheriting all that work?

Listen to the newest episode of The Daily Standup →

This isn’t traditional business news

Welcome to Morning Brew—the free newsletter designed to keep you in the know on the business news impacting your career, company, and life—in a way you didn’t know you needed.

Note: this isn’t traditional business news. Morning Brew’s approach cuts through the noise and bore of classic business media, opting for short writeups, witty jokes, and above all—presenting the facts.

Save time, actually enjoy business news, and join over 4 million professionals reading daily.

Check it out

Is referring too much hassle (aka your friends aren’t cool)? Skip the work and find all these 👆 and more in our shop. Get 10% off with code: SEGMENT10

Would you ever quit a job via cake?

Let’s dish 🤭

via Reddit

That’s ducked up

Picture this:

You open up your email. You have a new message from your employer and it’s bad news – you’re being laid off.

Attached to that email: a PDF attachment of a cute little cartoon duck titled “US-Non-California Duck” 🦆

Image via Gizmodo

Huh?!

Well, that’s what happened at Stripe this week. In communications about its 300-person layoff, some employees got incorrect termination dates and others got an image of a duck.

The layoffs were reportedly part of a regular annual review and growth planning process. Yep, growth planning. Just so we’re clear, Stripe is planning to add 1,000+ jobs by the end of 2025.

🫖 What's the tea?

New dream job alert! Planters is hiring Peanutters to drive the Nutmobile around the country.
Think the Ray-Ban Meta smart glasses are lame? You might like the smart glasses Oakley is cooking up 🤙
Everyone is lining up to make a bid on TikTok, including YouTuber MrBeast.

See you next week! 👋

Start learning AI in 2025

Everyone talks about AI, but no one has the time to learn it. So, we found the easiest way to learn AI in as little time as possible: The Rundown AI.

It's a free AI newsletter that keeps you up-to-date on the latest AI news, and teaches you how to apply it in just 5 minutes a day.

Plus, complete the quiz after signing up and they’ll recommend the best AI tools, guides, and courses – tailored to your needs.