Google Accidentally Leaked 283,000 Website Owners’ Personal Details
The error was identified by security researchers at Cisco.
Craig Williams, senior technical leader for Cisco’s Talos research group who discovered the issue, said he stumbled across the problem last month while doing research on domains associated with malware.
Cisco Talos said the vulnerability affects websites registered via Google Apps for work, using the registrar eNom.
The privacy breach involves whois, a database that contains contact information for people who have bought domain names.
The owners of the websites in question had all opted into “WHOIS privacy protection,” which means owners can elect to make information private, often by paying an extra fee. So if someone WHOISes — or queries — the website, the personal details of the individual who registered it are hidden.
Nearly 306,000 websites domains were registered this way but Cisco found that 282,867 or 94% of them have had their personal details unmasked due to a fault in Google’s code.