Google has identified a vulnerability in its "Sign in with Google" flow that could expose sensitive data of failed startups. The vulnerability was uncovered by researcher Dylan Ayrey at Truffle Security, who demonstrated how an attacker can exploit it to gain access to employee information and potentially sensitive data stored in various SaaS products. This can happen when a former employee's email account is re-created on a new domain, allowing the attacker to log into other services using that same account. Google has acknowledged the issue and is working on a fix, but advises service providers to properly close their domains and erase customer data when shutting down operations to prevent such incidents. The company also emphasizes the importance of using unique identifiers instead of relying solely on email claims.