Google Apps bug leaks 280,000 domain records

Google was forced to hastily patch its Apps for Work cloud suite after researchers at Cisco found a bug that has leaked masses over data over the last two years.

More than 280,000 Whois records created as part of the search engine’s partnership with web domain registrar eNom were found to have leaked, including names, phone numbers, physical addresses and email addresses.

This occurred when domains registered under eNom’s Whois privacy service, which is supposed to stop such details being published publicly unless under court order, came up for renewal, after which the details were published to the web without redaction.

Writing on its blog Talos, a research group at Cisco, said: "It’s possible to mine this information and leverage it for malicious purposes, such as spamming, spear phishing or other potential forms of harassment."

Having become aware of the problem in February, the group quickly informed Google who fixed the problem in five days, but Cisco has warned this may not be the end of the problem.

"The Internet never forgets," Talos said. "Affected users need to realise that this information has been publicised. These records will continue to be available to anyone with access to a cached database of Whois information."

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing