Tenable Research has uncovered two major vulnerabilities in Google Looker, one of the world’s most widely used business intelligence platforms, exposing more than 60,000 companies across 195 countries to the risk of system compromise and sensitive data theft. Collectively dubbed “LookOut,” the flaws could allow attackers to hijack entire Looker instances or extract high‑value corporate secrets.
The most severe issue is a Remote Code Execution (RCE) chain that enables attackers to run arbitrary commands on a Looker server. This level of access effectively hands over complete control, potentially allowing data manipulation, credential theft, or deeper movement into an organization’s internal network. In cloud-hosted environments, researchers warn the flaw could even lead to cross‑tenant access, amplifying the impact.
“This level of access is particularly dangerous because Looker acts as a central nervous system for corporate information,” said Liv Matan, Senior Research Engineer at Tenable. “A breach could allow an attacker to manipulate data or move deeper into a company’s private internal network.”
A second vulnerability enables attackers to steal Looker’s entire internal management database, including configuration secrets and user credentials, by tricking Looker into connecting to its own internal services.
While Google has swiftly addressed the flaw in its managed cloud service, organizations running Looker on‑premises or on private servers remain exposed until they manually apply the required patches.
Admins are urged to inspect Looker project directories particularly .git/hooks/ for unauthorized scripts, and review logs for suspicious SQL errors that may indicate internal connection abuse.