Uh oh.
When you register a domain and pay for privacy protection, you expect your personal details to be hidden in a WHOIS database.
That wasn’t the case for Google customers as we’re learning the details of an epic domain privacy snafu.
A group of security researchers from Cisco have revealed that Google had been slowly de-anonymizing customers that were buying domains from them. Due to an issue with the way Google’s system interacted with eNom, customers that thought they were getting identity protection as part of the Google App services, were not given that protection.
282,867 of Google’s 305,925 domain customers had their records sitting out in the open since 2013, including names, email addresses and phone numbers, according to an article by the New York Observer.
Big G issued the following statement:
A security researcher recently reported a defect via our Vulnerability Rewards Program affecting Google Apps’ integration with the Enom domain registration API. We identified the root cause, made the appropriate fixes, and we’re communicating with affected Apps customers. We apologize for any issues this may have caused.
In other words, there was a problem, Google found out about it and corrected it.
Google began contacting customers last Thursday night, informing them of the error. You can read that email and more coverage at this link.
Leave a Reply