Report: Google Error Leaks Hidden Data For 280,000 Domains

Usually when we hear that a company has had a bunch of data leaked to the world, hackers are responsible. But in the case of a Google leak involving hidden data for 280,000 domain names, a bug in Google’s system is apparently to blame.

Ars Technica reports on a discovery by Cisco Systems’ researchers that the complete hidden WHOIS data for 282,867 domains registered through the Google Apps for Work service, in partnership with registrar eNom, has leaked, including names, phone numbers, email addresses, physical addresses and more.

The leaked records account for 94% of the addresses Google Apps has registered. Its services include a $6 per year fee to shield all personal information included in WHOIS records from public view, with the promise that the information will stay in the hands of eNom barring a court order.

But starting in the middle of 2013, information began trickling out of Google due to a software defect in Google Apps. Once a domain registration was renewed, the bug caused data to become public.

Cisco’s Talos Security Intelligence and Research Group discovered the leak on Feb. 19, and it was plugged five days later.

While a lot of WHOIS data is likely false — what with what it calls “obviously fake” names, addresses and other data in public WHOIS records — users who thought their data was protected by the privacy service Google offered are likely not happy about that information becoming public.

“The reality of this WHOIS information leak is that it exposed the registration information of hundreds of thousands of registration records that had opted into privacy protection without their knowledge or consent to the entire Internet. This information will be available permanently as a number of services keep WHOIS information archived,” Cisco researchers explain.

Cisco points out that while some people use fake information to register domains, those who don’t could be at risk: villains with access to that information could send targeted spear phishing emails using the victim’s name, address, etc., to make the phishing attempt seem more legitimate. Identity theft is also a possibility, so Cisco recommends users “adopt safe browsing habits and make use of layered defenses like antivirus and anti-spam technology.”

Google emailed a notice to users of its service last night, writing:

Dear Google Apps Administrator,

We are writing to notify you of a software defect in Google Apps’ domain registration system that affected your account. We are sorry that this defect occurred. We want to inform you of the incident and the remedial actions we have taken to resolve it.

When the unlisted registration option was selected, your domain registration information was not included in the WHOIS directory for the first year. However, due to a software defect in the Google Apps domain renewal system, eNom’s unlisted registration service was not extended when your domain registration was renewed. As a result, upon renewal and from then on forward, your registration information was listed publicly in the WHOIS directory.

A Google spokesperson also told Ars that the bug was traced to how Google Apps integrates with eNom’s domain registration program interface. The spokesman reiterated that the root cause has been identified and fixed.

Epic Google snafu leaks hidden whois data for 280,000 domains [Ars Technica]