"Here’s the issue: If a service (e.g., Slack) relies solely on these two claims, ownership changes to the domain won’t look any different to Slack. When someone buys the domain of a defunct company, they inherit the same claims, granting them access to old employee accounts." 

intersend.io | via sequence. pimlico. poap. polygon. metamask. paxful. flipside crypto. dash. bridgewater. darpa. secdef. navy. dia. linktr.ee/alexanderchopan

https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw