Google Glitch Exposes Identifying Information about Hush-Hush Website Operators
Web Services
A programming error compromised the hidden “whois” data associated with more than 282,000 website administrators. Among the users affected are those who bought a service that charges an additional $6 per year to shield all personal information from public view.
The breach affects about 94 percent of the addresses that Google Apps registered through a partnership with registrar eNom. The cause of the error was the way Google Apps integrated with eNom's domain registration program interface.
“Rather than being published publicly, the information is promised to remain in the hands of eNom except when it receives a court order to turn it over. (The hidden service was free to Google App users.),” Ars Technica reports. But “a software defect in Google Apps started leaking the data, including names, phone numbers, physical addresses, e-mail addresses, and more.”
The bug uncloaked the data once a domain registration was renewed. Cisco's Talos Security Intelligence and Research Group discovered the goof.
“The reality of this WHOIS information leak is that it exposed the registration information of hundreds of thousands of registration records that had opted into privacy protection without their knowledge or consent to the entire Internet. This information will be available permanently as a number of services keep WHOIS information archived,” according to Ars.