Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 6 MINUTES AGO.
You are here: Home / Customer Data / Google Leaks Private Domain Data
Google Leaks Private Data from Hundreds of Thousands of Domains
Google Leaks Private Data from Hundreds of Thousands of Domains
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MARCH
13
2015
The private information of hundreds of thousands of domain owners was inadvertently released to the public, thanks to a mistake by Google. The hidden Whois data for more than 282,000 domains was accidentally leaked by Google Apps, according to a report by the Web site Ars Technica.

The error affected domains that Google had registered with its partner, domain registrar eNom. Around 94 percent of the domains Google registered with eNom have been made public.

Whois is a query and response protocol that identifies the individual or company behind the registration of a domain name, essentially revealing the owner of a Web site. The error stems from a software bug in the Google Apps for Work platform that arose in 2013. As a result of the defect, the database used by Google Apps leaked the Whois data for a domain whenever the owner renewed it.

The Phone Book of the Internet

Although the bug has existed for almost two years, Google only recently became aware of the issue and took the steps necessary to fix it. The flaw was initially discovered in February by the Talos Security Intelligence and Research Group, a division of Cisco systems, as part of Google’s Vulnerability Rewards Program. The bug was patched within five days of its discovery, according to Ars Technica.

The information that was made public by the breach includes full names, street addresses, phone numbers and e-mail addresses for the domains. The information leak exposed the affected users to a number of possible threats, including being targeted by spammers, spearphishers, or other online threats, according to a blog post by the Talos Security team. In fact, eNom had specifically marketed itself to customers as providing the security precautions necessary to keep their information secure.

“Whois acts as the phone book of the Internet, allowing anyone to query who owns what domain and how to contact them,” the Cisco researchers wrote in a blog post. “This is a requirement prescribed by ICANN, who organizes and manages the conventions used in domain names. Domain Name privacy protections are used to mask this information from always being publicly displayed. Just as it’s possible to pay to have your name removed from the phonebook.”

Repercussions for Years

Unfortunately for the individuals and companies affected by the breach, the information that was leaked is now a permanent part of the Internet record, since there are a number of services that keep Whois data archived. However, the news is not entirely negative: the leak has also identified several domains that have already been linked to malicious activity.

Domains such as “federalbureauinvestigations.com” and “hfcbankonline.com” both have extremely low reputation scores, and are likely to be involved in activities that are not entirely on the up-and-up, according to the Talos team.

Nevertheless, many domain owners opt to keep their personal and corporate information private for completely legitimate reasons. Those parties are likely to experience significant repercussions as a result of the breach for years to come, as the information will remain available to anyone with access to a cached version of the Whois database.

“Organizations that handle any sensitive information must ensure that the appropriate systems are safeguarded and that the processes handle failure gracefully,” according to Talos. “In this instance, a simple check on domains changing state from being privacy protected to not being privacy protected could have identified the problem as it started to occur.”

Tell Us What You Think
Comment:

Name:

A_Task_For_The_IETF:
Posted: 2015-03-13 @ 2:29pm PT
In this day and age of so many data leaks and breaches, this one is really minor. Whois data was meant to be public by design. Obviously the design is flawed and as a domain owner myself I received tons of phishing scams over the years. Rather than hammering on the bug at Google, it is time to redesign the whois database and make sure owners of domains can be contacted for intended purposes without collateral privacy damage.

Like Us on FacebookFollow Us on Twitter
MORE IN CUSTOMER DATA
CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.