Google leaked confidential data related to more than 280,000 domain names

Google leaked confidential data related to more than 280,000 domain names

The private information of names, addresses, emails and phone numbers used to register thousands of websites have been posted publicly. Ars Technica (a website for news related to technology, science etc.) explains the situation.

“Google has disclosed all the secret Whois data attached to more than 282,000 registered domain names via the service Google Apps for Work.”

The problem was found by 4 engineers from Talos (the Cisco security intelligence unit).

“The problem appeared in 2013 and began to make public information hidden for domain name owners who had chosen to use WHOIS privacy protection. These domain names were all registered via Google App, using eNom as the registrar. 282,867 domain names, or 94% of them appear to have been affected. (Google announces that new domain names that weren’t renewed were not affected and many companies choose not to hide such information.)

One of them, Craig Williams, said he contacted Google, who restored the privacy settings within six days. Google announced that the problem was a defect in the software, but no one knows if that is actually true.

“It is clear that Whois data is rarely reliable and can’t be trusted on 100% with all those fake names and other fake data that is presented in the public Whois.”, said Ars Technica.

“However, it is very clear to think that some people were more open to the idea of using a Google service that supposedly protected privacy and claimed to hide their data. And even in some cases where the information was falsified, they can still give important clues about the identity of the people.”

This is what Ars Technica explains in its conclusion:

“It will take time to get things back to normal even though the protections to hide the data are back in place. It’s not so simple for those who do not know how to access data related to the 282,000 domain names, and even more so after two weeks have passed and the data is hidden again. Registrars make it difficult to download, but as Cisco researchers explain, falsified data is now part of the Internet’s files and it will not be hard to find if anybody wants it. It won’t be something unexpected of this now-hidden information started to sell on the black market shortly. “