New Delhi | Updated: Feb 9, 2026 08:27 AM IST
Security researchers said they have found two major vulnerabilities in Google’s business intelligence platform, Looker, that could potentially enable hackers to take over “entire systems” and “steal corporate secrets”.
The flaws have been collectively dubbed ‘LookOut’. One of them involves a Remote Code Execution (RCE) chain that could allow an attacker to take full control of a Looker server by running their own malicious commands remotely, researchers at cybersecurity firm Tenable said in a blog post on Thursday, February 5.

The Google-owned business intelligence platform is reportedly used by more than 60,000 companies in 195 countries. Hackers targeting cloud instances of Looker could potentially exploit security flaws to gain cross-tenant access, as per the researchers. They further said that companies were vulnerable to the complete theft of Looker’s internal management database.
“By tricking the system into connecting to its own ‘private brain’, researchers used a specialised data-extraction technique to download sensitive user credentials and configuration secrets,” Tenable said.
“This level of access is particularly dangerous because Looker acts as a central nervous system for corporate information, and a breach could allow an attacker to manipulate data or move deeper into a company’s private internal network,” Liv Matan, Senior Research Engineer at Tenable, said.
The researchers acknowledged that Google responded quickly to secure its managed cloud version of Looker after the vulnerabilities were reported to the tech giant. However, they also said that organisations hosting Looker on their own private servers or on-prem hardware might still be vulnerable.
“These organisations must manually apply security patches to close these backdoors, as they currently bear the full burden of protecting their infrastructure from potential administrative takeover,” Tenable said.
What is Looker?
Looker, based in Santa Cruz, California, helps companies visualise and analyse the data they store in the cloud. Google agreed to buy Looker for $2.6 billion in 2019, expanding its offerings to help customers manage data in the cloud, according to a report by Bloomberg.
The Looker acquisition is said to have given Google another tool in its larger campaign to sell more cloud storage and software.
How can users protect themselves?
To guard against potential exploitation of these vulnerabilities, Tenable researchers recommended that administrators review their systems for specific indicators of compromise.
“First, they should inspect the file system for any unexpected or unauthorised files within the .git/hooks/ directory of Looker project folders, paying close attention to scripts named pre-push, post-commit, or applypatch-msg that may have been placed there by an attacker,” the company said.
“Additionally, security teams should examine application logs for signs of internal connection abuse, specifically searching for unusual SQL errors or patterns consistent with error-based SQL injection targeting internal Looker database connections like looker__ilooker,” it added.
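
The two checks quoted above, as an added example that is not from Tenable, Google or the original article: it lists active (non-`.sample`) files in `.git/hooks/` directories under a projects root and flags log lines where an SQL error mentions `looker__ilooker`. The log format, the error-keyword pattern and the directory layout built in `demo()` are assumptions, and all sample data is constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# Hook names and connection name come from the guidance quoted above.
NAMED_HOOKS = {"pre-push", "post-commit", "applypatch-msg"}
INTERNAL_CONN = "looker__ilooker"
# Assumption: generic SQL error wording; tune to your own log format.
SQL_ERROR = re.compile(r"sql\w*\s*(syntax\s+)?(error|exception)|syntax error", re.I)

def scan_hooks(projects_root):
    """Return sorted (relative_path, severity) for active files in .git/hooks."""
    findings = []
    for dirpath, _dirs, files in os.walk(projects_root):
        if Path(dirpath).parts[-2:] != (".git", "hooks"):
            continue
        for name in files:
            if name.endswith(".sample"):  # inactive templates shipped by git
                continue
            severity = "named-in-guidance" if name in NAMED_HOOKS else "review"
            rel = Path(dirpath, name).relative_to(projects_root).as_posix()
            findings.append((rel, severity))
    return sorted(findings)

def scan_log(lines):
    """Return (line_number, line) where an SQL error mentions the internal connection."""
    return [(n, l.rstrip()) for n, l in enumerate(lines, 1)
            if INTERNAL_CONN in l and SQL_ERROR.search(l)]

# Constructed sample log lines (format is an assumption, not real Looker output).
SAMPLE_LOG = [
    "2026-02-01 10:00:01 INFO query ok connection=thelook rows=120",
    "2026-02-01 10:00:07 ERROR SQL syntax error connection=looker__ilooker near 'x'",
    "2026-02-01 10:00:09 INFO connection=looker__ilooker healthcheck ok",
    "2026-02-01 10:00:12 ERROR SQLException: timeout connection=thelook",
]

def demo():
    """Build a constructed project tree in a temp dir and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        hooks = Path(root, "projects", "sales", ".git", "hooks")
        hooks.mkdir(parents=True)
        for name in ("pre-push", "pre-commit.sample", "commit-msg"):
            (hooks / name).write_text("#!/bin/sh\n")
        return scan_hooks(root), scan_log(SAMPLE_LOG)

if __name__ == "__main__":
    for finding in sum(map(list, demo()), []):
        print(finding)
```

Files marked `review` are active hooks that are not among the three names quoted above; whether they are expected depends on the deployment.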
