Breaking News

Critical Security Flaws Found in Google Looker Platform

Tenable Research has discovered severe security flaws in Google Looker, a popular business intelligence platform used by over 60,000 organisations worldwide, that could allow attackers to gain system control and access sensitive data.

Security firm Tenable has identified two major vulnerabilities, collectively dubbed “LookOut”, affecting both cloud and on-premises deployments of Google Looker. The first is a remote code execution (RCE) flaw, which could allow attackers to execute malicious commands on a Looker server remotely. Exploiting this weakness could give them full control over the system, access confidential corporate information, manipulate analytics, or move laterally within a company’s internal network. In cloud setups, the vulnerability could even expose data across multiple tenants.

“This level of access is particularly dangerous because Looker acts as a central nervous system for corporate information,” said Liv Matan, Senior Research Engineer at Tenable. “A breach could allow an attacker to manipulate data or move deeper into a company’s private networks.”

Data extraction vulnerability adds further risk

The second LookOut vulnerability enables attackers to extract Looker’s internal management database. Researchers demonstrated that by tricking the system into connecting to its own internal components, they could access user credentials, configuration details, and other sensitive information.

Google has addressed the vulnerabilities in its managed cloud-based Looker service. However, organisations running the platform on private servers or on-premises infrastructure remain responsible for applying patches and updates promptly to prevent exploitation.

“To secure Looker effectively, organisations must balance protection with the platform’s powerful capabilities, such as running SQL queries or interacting with internal files,” Matan added.

Guidance for system administrators

Tenable recommends that administrators monitor their environments for unusual activity. This includes reviewing project directories for unexpected files—particularly within the .git/hooks/ folder—and checking scripts like pre-push, post-commit, or applypatch-msg for signs of tampering. Security teams should also analyse application logs for abnormal internal connections or unusual SQL errors that could indicate attempted attacks on internal databases like looker ilooker.

These findings underscore the critical importance of securing analytics platforms that form the backbone of organisational decision-making. As business intelligence systems grow in complexity and scale, strong security practices are essential to protect sensitive corporate data from increasingly sophisticated threats.