Google Apps Bug Exposes Around 283,000 Website Owners's Personal Details
Around 283,000 Google Apps domains registered by eNom are at risk from a potential information leak according to Cisco's Talos research group. The information leak includes names, addresses and phone numbers of the domain name owners.
"A security researcher recently reported a defect via our Vulnerability Rewards Program affecting Google Apps' integration with the eNOM domain registration API," a Google spokesperson told eWEEK. "We identified the root cause, made the appropriate fixes and communicated this with affected Apps customers."
Google Apps uses multiple domain registration partners and the Whois privacy issue has only impacted Google Apps customers with domains at eNom.
According to Cisco's research, the unmasking likely first started in mid-2013.
"We were unaware of the issue until I discovered it on Feb 19, 2014," Craig Williams, senior technical leader, Cisco Talos said. "We have the ability to look back and see when the issue seems to have begun occurring."
"So, basically, as domains began to renew, the privacy settings were turned off," Williams added. "The information was available to anyone until we notified Google and the issue was resolved."
Given that Whois server data can be cached for archival purposes, even after the issue has been fixed, the disclosed information could still potentially be discovered and retrieved, eWeek noted.