Thursday, 28 Nov, 2024

Tech

Google apps bug leaks 280,000 users’ domain data

ICT Desk |
Update: 2015-03-14 01:44:00
Google apps bug leaks 280,000 users’ domain data

DHAKA: It was just discovered that Google leaked the personal data from almost 280,000 websites registered through its Google Apps For Work service since 2013, according to Ars Technica. The leak was revealed in a blog post by Cisco Systems researchers.

Unlike most leaks, which are deliberate hacks at weak points in database security, this data was just made available to anyone who searched for it in the WHOIS directory, the public database of registered domains.

The leak was caused by a bug in Google’s software, which started revealing personal data of domains that renewed their registered in mid-2013, including names, phone numbers, and physical addresses.

While that data is made public by default, the Apps For Work service—a suit of tools for enterprise clients—offered an optional $6-per-year feature that would hide that data and store it with the registrar eNom, a Google partner.

Pic: Domain Data Leak

94 percent of the 305,925 domains registered had bought the annual privacy feature, but the software bug caused the data to become public once a domain was renewed—which included almost all registered domains by late 2013.

The Cisco Systems researchers noted in their post that the leaked data will be available online permanently, since many services archive it. As Ars Technica points out, some of the data—filled out when registering a domain—is likely falsified, but enough could be collected and analyzed for patterns to point to real people.

Unfortunately, that optional $6-per-month security service likely gave some users false confidence, and may have led them to share more personal data than they would have otherwise.

According to Ars Technica, Cisco’s Talos Security Intelligence and Research Group discovered the bug on February 19 and five days later, the leak was plugged.

While this data wasn't spit out to the masses and publicized like previous data leaked by hackers, this software oversight is alarming, especially since it went unnoticed for nearly two years.

Source: Fast Company

BDST: 1135 HRS, MAR 14, 2015

All rights reserved. Sale, redistribution or reproduction of information/photos/illustrations/video/audio contents on this website in any form without prior permission from banglanews24.com are strictly prohibited and liable to legal action.