Google Apps Bug Exposes Some Users' Data to the Public

According to a cadre of Cisco security researchers (via ArsTechnica), a Google Apps bug exposed some users’ personal information in spite of those users opting to keep the data private. The bug made nearly 283,000 WHOIS registration records public. The records may include names, home and email addresses, and phone numbers.

This is a significant issue for Google because the affected customers had requested private domain registrations. People choose to hide their domain registration information because they want more privacy and protection from phishing and other scams. (Phishing refers to the acquisition of a user’s personal information by sending an e-mail that purports to come from a trustworthy source.)

Google Apps for Work used a third-party privacy provider called eNom that provides users the option to conceal their personal information for about $6 per year.

The Cisco team found that 305,925 domains were registered through the registrar eNom and that 94 percent of them were exposed until a fix was issued days after the private disclosure of the flaw.

“The reality of this WHOIS information leak is that it exposed the registration information of hundreds of thousands of registration records that had opted into privacy protection without their knowledge or consent to the entire internet,” the team wrote.

Talos also said the leaked Google Domains info “will be available permanently, as a number of services keep Whois information archived.”

“A security researcher recently reported a defect via our Vulnerability Rewards Program affecting Google Apps’ integration with the eNom domain registration API,” a Google spokesman said. “We identified the root cause, made the appropriate fixes, and communicated this with affected Apps customers. We apologize for any issues this may have caused.”

Google stated that the records of the affected domains have been set back to private and that the issue will not affect any customer renewals in the months ahead. Google immediately pointed out that the data leak was limited exclusively to the domain-registration information and that nothing stored in Google Apps was exposed.

Ehacking Staff