Due to a software bug in Google’s system more than 282, 000 domains were leaked. The breach in the system negligently gave away emails, names, addresses and phone numbers that were specified as private. The domains in question were registered through the Google Apps for Work platform in partnership with eNom registrar.
The exact number of the compromised domains was counted by Cisco System and is estimated as 282,867. The research group, led by senior tech specialist Craig Willams, found the security problem on February 19 and put an end to it shortly after. Google Apps for Work should have kept all domain whois data as it was set as private by the owners.
Furthermore, in order to keep their information secure, people usually pay an extra fee. It is now known that the leak started in the middle of 2013. The software defect was initiated after the renewal of domains.
Can the Leak Be Exploited?
The problem is that a leak of this scale makes it easier for cyber crooks to complete successfully phishing campaigns that may lead to further issues. Fortunately, as it turns out, whois data is more unreliable than it was suspected.
It contains mainly of fake personal data, but there are still people who are open to using their real credentials. Moreover, some falsified data may still do the work for cyber criminals since it often follows a certain pattern that in the end points at the actual person.
To calm the spirits, the Cisco researchers underline that registrar breaches are not easy to exploit, especially after the breach was patched. But once released in the open web space, it won’t be hard for hackers to find it.
The giant explained that the bug appeared because of how Google Apps integrated eNom’s registrar. The vulnerability has now been eliminated, as Google’s spokesperson confirmed.