Google Apps software error ended up exposing the personal data of numerous website owners who had chosen to keep the information private.
The privacy problem encountered is related to Whois, a database containing contact information for the people who bought domain services to their websites. Among the information is names, addresses, emails and phone numbers . For privacy reasons, people can choose to make these private pages, often by paying an extra fee for this.
To security analysts, this information into the hands of hackers and cyber criminals can be valuable. For Craig Williams Craig Williams, senior technical leader of Talos research group at Cisco, who discovered the problem with these data in hand hackers can find it easier to send and phishing emails to taking victims to click on malicious links. Simply put, criminals can ride emails “reliable” since state the correct informaçãos users, which supposedly only allow their companies would have access.
According to Cisco, the problem affected owners of 282,867 domains . Google partners with domain registration companies, to allow your users to register their domain names in Apps. Williams, who discovered exposed information in the register eNom, one of the partners of Google, came into contact with the Mountain View company. On some days, the privacy settings were restored.
In a statement, Google claimed a ‘software defect “of Google Apps domónios. On Thursday, the company said in a statement that is contacting users affected by the bug.
The damage will be long-term even if the privacy protections are now back in line. Privacy Changes in Whois are immediately recorded by many people and organizations, including security companies.
“A lot of people track this information, historically, in silence,” Williams said.
However, for Williams, there may be an advantage for security firms in information leaks. Since many use false data in the register, criminals can be tracked when trying to run scams with these stolen information, such as names, documents and credit cards of others.
“There are legitimate reasons to track information whois “he said.
No comments:
Post a Comment