The Hidden Danger in Your Old IT Assets: Gmail & Outlook MFA Vulnerability

By: Levi Hentges, Vice President / Development, SEAM

A new vulnerability in Gmail and Outlook’s multi-factor authentication (MFA) systems has cybersecurity experts on high alert. This latest security gap, exploited through man-in-the-middle attacks, exposes accounts even when MFA is enabled—proving that no security measure is foolproof if bad actors get their hands on the right credentials.

For businesses upgrading or decommissioning IT assets, this underscores a major risk: data left behind on improperly handled devices can give cybercriminals an easy way in.

How the MFA Vulnerability Works

Cybercriminals have found ways to intercept authentication processes through phishing and session hijacking techniques. By tricking users into logging in through a fake portal, hackers capture credentials and authentication tokens, allowing them to bypass MFA protections. This means that even if a company enforces MFA for email access, compromised credentials can still put accounts—and sensitive data—at risk.

The Role of IT Asset Disposal in Preventing Security Breaches

Many companies focus on protecting active accounts but forget that retired or resold IT assets can be a goldmine for hackers. Improperly decommissioned devices often contain:

• Saved credentials stored in browsers or system settings.
• Locally cached emails and authentication logs.
• Residual data from cloud-synced applications.

If old laptops, servers, or mobile devices end up in the wrong hands—especially without proper data sanitization—cybercriminals can extract this information and leverage vulnerabilities like the latest MFA exploit.

Why Certified ITAD Matters

At SEAM, we see firsthand how improper IT asset disposal can put businesses at risk. Simply wiping a device or deleting files isn’t enough. Proper data destruction and certified IT asset disposition (ITAD) ensure that no recoverable information remains. SEAM’s process includes:

• Certified data destruction using NIST 800-88 standards.
• Secure chain of custody tracking to prevent leaks.
• Compliance-focused disposal, ensuring businesses meet regulatory requirements.

Protect Your Business Beyond MFA

While MFA is a critical security layer, it’s not a catch-all solution—especially when old devices and credentials are left exposed. Businesses need a full-circle approach to cybersecurity, from active protection to responsible IT asset management.

If your company is decommissioning devices, upgrading systems, or handling IT asset refreshes, make sure you’re working with a trusted, certified ITAD partner. Contact SEAM today to learn how we keep your retired IT assets—and your data—secure.

Levi Hentges is the Vice President / Development at SEAM. He helps clients build and manage their IT Asset Disposition (ITAD) programs to comply with legal, corporate and environmental requirements surrounding their technology devices; including asset recovery and resale, data destruction and secure electronics recycling.