Google Apps Bug Makes Some Users' Data Public

According to a team of Cisco security researchers (via Ars Technica), a Google Apps bug exposed some users' personal information even though those users had opted to keep the data private. The bug made nearly 283,000 WHOIS registration records public. The records may include names, home and email addresses, and phone numbers.



This is one of the most important issues for Google, since people are asking for private domain registrations. They want to hide domain information because they need more privacy to protect themselves from phishing and other scams. (Phishing refers to the acquisition of a user's personal information by sending an e-mail that claims to come from a trustworthy source.)


Google Apps for Work used a third-party privacy provider called eNom, which gives users the option to conceal their personal information for about $6 per year.

The Cisco team determined that 305,925 domains are registered through registrar eNom and found that 94 percent were exposed until a fix was issued days after the private disclosure of the flaw.

"The reality of this WHOIS information leak is that it exposed the registration information of hundreds of thousands of registration records that had opted into privacy protection without their knowledge or consent to the entire internet," the team wrote.

Talos also said the leaked Google Domains info "will be available permanently, as a number of services keep Whois information archived."

"A security researcher recently reported a defect via our Vulnerability Rewards Program affecting Google Apps' integration with the eNom domain registration API," the spokesman said. "We identified the root cause, made the appropriate fixes, and communicated this with affected Apps customers. We apologize for any issues this may have caused."

Google stated that the records of the affected domains have been set back to private and that the issue will not affect any customer renewals in the months ahead. Google was quick to point out that the data leak was limited exclusively to domain-registration information and that nothing stored in Google Apps was involved.