Google Apps Bug Exposes Some Users' Data to the Public

According to a cadre of Cisco security researchers (via ArsTechnica), a Google Apps bug exposed some users’ personal information even though those users had opted to keep the data private. The bug made nearly 283,000 WHOIS registration records public. The records may include names, home and email addresses, and phone numbers.

This is one of the most important issues for Google, since people are requesting private domains. People want to hide domain information because they need more privacy to protect themselves from phishing and other scams. (Phishing refers to the acquisition of a user’s personal information by sending an e-mail that poses as a trustworthy source.)

Google Apps for Work used a third-party privacy provider called eNom that provides users the option to conceal their personal information for about $6 per year.

The Cisco team found that, of 305,925 domains registered through the registrar eNom, 94 percent were exposed until a fix was issued days after the private disclosure of the flaw.

“The reality of this WHOIS information leak is that it exposed the registration information of hundreds of thousands of registration records that had opted into privacy protection without their knowledge or consent to the entire internet,” the team wrote.

Talos also said the leaked Google Domains info “will be available permanently, as a number of services keep Whois information archived.”

“A security researcher recently reported a defect via our Vulnerability Rewards Program affecting Google Apps’ integration with the eNom domain registration API,” the spokesman said. “We identified the root cause, made the appropriate fixes, and communicated this with affected Apps customers. We apologize for any issues this may have caused.”

Google stated that the records of the affected domains are now set back to private and that the issue will not affect any customer renewals in the months ahead. Google was quick to point out that the data leak was limited exclusively to the domain-registration information and that nothing stored in Google Apps was affected.

Ehacking Staff