Critical Looker bugs could expose sensitive data for thousands of companies
Security researchers just found two big vulnerabilities in Google Looker, a tool used by over 60,000 companies to handle business data.
These bugs—called "LookOut"—could let hackers take over servers and grab sensitive info if you're running self-hosted or on-premises versions.
Bugs are 'critical' and can lead to serious data leaks
One flaw lets attackers run code on your server through Git hooks; the other is a sneaky SQL injection that can leak passwords and secrets from Looker's internal database.
As Liv Matan from Tenable put it, Looker is like the "central nervous system" for company info, so these issues are a pretty big deal.
Update your Looker installation ASAP
If you're using the cloud version of Looker, Google already fixed it.
But if you host it yourself, update ASAP to one of these versions: 25.12.30+, 25.10.54+, 25.6.79+, 25.0.89+, or 24.18.209+.
Also, check your .git/hooks/ folder for anything weird—better safe than sorry!