Google Apps Bug Exposes some Users Data to be Public

According to a cadre of Cisco security researchers (via ArsTechnica), a Google Apps bug exposed some users’ personal information in spite of those users opting to keep the data private. It made nearly 283,000 WHOIS registration records to be public.  The records may include names, home and email addresses, and phone numbers.

This is one of the most important issues for Google that the people are requesting for private domains. People desire for hiding domain information because they need more privacy to protect from phishing or other scams. (Phishing refers to the acquisition of a user’s personal information by sending an e-mail professing as a trustworthy source).

Google Apps for Work used a third-party privacy provider called eNom that provides users the option to conceal their personal information for about $6 per year.

The Cisco team investigated that 305,925 domains are registered through registrar eNom and found that 94 percent were exposed until a fix being issue days after the private disclosure of the flaw.

“The reality of this WHOIS information leak is that it exposed the registration information of hundreds of thousands of registration records that had opted into privacy protection without their knowledge or consent to the entire internet,” the team wrote.

Talos also said the leaked Google Domains info “will be available permanently, as a number of services keep Whois information archived.”

“A security researcher recently reported a defect via our Vulnerability Rewards Program affecting Google Apps’ integration with the eNom domain registration API,” the spokesman said. “We identified the root cause, made the appropriate fixes, and communicated this with affected Apps customers. We apologize for any issues this may have caused.”

Google stated that the records of the affected domains are now set back to being private and the issue will not upset any customer renewals in the months ahead. Google instantaneously pointed out that the data leak was restrained exclusively to the domain-registration information and nothing has been stored in Google Apps.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Blind SQL Injection Tutorial to Hack a Website

In the previous article, we have the basics of SQL Injection; what SQLi is and what are the types of SQL injection. And, In...

What is SQL Injection? Tutorial: Type and Example

What is SQL injection, and what are the types of SQL injection? These are the common questions, and we will seek the answer to...

Are Cisco 300-410 Exam and Its Related Certification Your Pathway to Career Success? Find Out about This

Introduction Career success can mean different things to different people. For some, it could mean having a prestigious title and for others, it could be...

How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux

This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. Hacking Windows 10 password is an exciting topic and...

LOOKING FOR HACKING RECIPES FORM THE PRO?

Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.