Google has accidentally leaked the personal details of more than 280,000 customers, Ars Technica reports. The fault first appeared back in mid-2013, but it has only recently been discovered and fixed, meaning people have been at risk for years.
Identified by security researchers at Cisco, the vulnerability affects websites registered via Google Apps for work, using the registrar eNom. The owners of the websites in question had all opted into "WHOIS privacy protection," which means that when someone WHOISes — or queries — the website, the personal details of the individual who registered it are hidden.
You might use the service if you're an anonymous political blogger, or run a website about an embarrassing hobby — or are just particularly privacy-conscious.
305,925 websites domains were registered this way — but Cisco found that 282,867 of them (94%) have had their personal details unmasked due to a fault in Google's code. Customers' leaked information includes "full names, addresses, phone numbers, and email addresses."
Cisco first discovered the issue on February 19, 2015, two years after the fault first arose. After Google was notified, the search giant then fixed it around a week later, and notified customers last night. It's unclear how many customers seeking anonymity were unmasked as a result of this error.
Cited Business Insider UK
How do you go about reviewing and testing your IT Security?
No comments:
Post a Comment