Google Apps WHOIS Error Exposed Domain Private Details

Share it:
The Epic thing had with Google App users, as Cisco Security team have revealed that a flaw in the Google App WHOIS exposes hundreds of thousands of the domain owner's personal details.

On the advisory note research team explain the flaw, and says that the issue began in mid-2013 and has been unmasking the details of people who opted for WHOIS privacy protection ever since. The flaw reveals the names, address, email address and phone numbers of 282,867 Google app users.

Google App users were affected after they renewed their private WHOIS domain registration data.  Researcher explains, there were 309,925 domains were registered through Google's partner registrar eNom and found that 94 percent of its users were affected.

Researchers had reported the issue to Google team but users information can still been seen as WHOIS lookup services keep the information they index archived. The information leaks on this flaw can be misused by many tactics such as spamming, spear phising or other potential forms of harassment.

After the notification of the issue, Google sent out the following notification to all App users:


UPDATE:- 
Google mentioned that team had fixed the issue. In the statement Google's representative says -
“A security researcher recently reported a defect via our Vulnerability Rewards Program affecting Google Apps’ integration with the Enom domain registration API. We identified the root cause, made the appropriate fixes, and communicated this with affected Apps customers. We apologize for any issues this may have caused.”
Share it:

Google

News

Research

Security

Post A Comment:

0 comments:

Follow by Email