Dasting
unread,Aug 6, 2025, 10:54:28 PMAug 6Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to looker-studio-developers-forum
Hello everyone,
I’ve encountered a serious issue with Looker Studio and would like to ask if anyone has experienced something similar. Here's what I’ve observed:
1. A large number of reports have appeared in my Looker Studio dashboard that do not belong to me and have no relation to my data.
These reports appear to be created using Windsor.ai templates, as the second page of each report contains Windsor-branded template elements. Windsor.ai is a service that provides third-party connectors for Looker Studio.
2. I have been a paying user of Windsor.ai for over three years, and have consistently used their Looker connector without issues—until now.
3. Since July, these unrelated reports have started appearing in my dashboard. Even after manually deleting them, new ones keep showing up every few days, and I’ve found no way to permanently stop this.
4. When I copy the URLs of these reports into an incognito browser window (not logged into any Google account), the reports still open—meaning they are set to “Public”. This presents a significant security concern.
5. A colleague of mine, who also has access to Windsor.ai data sources, is seeing over 100 unrelated reports in her Looker dashboard as well, and neither of us can identify where they are coming from.
I contacted Windsor.ai’s support team and received the following response:
"What you're experiencing appears to be a bug within Looker Studio itself, not an issue caused by Windsor.ai. Google has had past incidents where reports or data sources from other users became visible after copying templates from the community or gallery. This may occur due to how Looker Studio caches shared resources or fails to properly isolate connections when templates are copied."
Given the ongoing appearance of these unauthorized reports, the public accessibility of the links, and the potential exposure of sensitive data from unrelated users, I’ve decided to revoke Windsor.ai authorization from all connected accounts as a precautionary measure.
I’m now trying to determine whether:
1.Is this a Looker Studio platform bug?
2.An integration issue involving Windsor.ai or a broader data isolation failure across the third-party connector.
Has anyone experienced similar behavior? I would appreciate any insight or confirmation from others. This appears to pose a real risk of data leakage for businesses using Looker Studio with third-party connectors.
Thx
Dasting