TechSpot

Private WHOIS information on 280K domains have been public for years thanks to Google Apps bug

By Shawn Knight
Mar 13, 2015
Post New Reply
  1. google apps google domain domain registration whois data whois

    Cisco security researchers recently revealed that since mid-2013, a bug in Google Apps made the WHOIS information on 282,867 domains available publically despite the fact that owners had specifically requested such information remain private.

    The issue is limited to those that used Google Apps for Work and registered a domain, a service that Google offered through a partnership with eNom. For an additional $6 per year, owners could have their personal information shielded from public view – a common service offered by registrars.

    A software defect in the domain renewal system made this hidden information public for all to see after a domain was renewed.

    WHOIS information often contains personal data about the person that registered a domain including name, address, e-mail address and phone number.

    The Internet Corporation for Assigned Names and Number (ICANN) notes that WHOIS information should be kept up-to-date and failing to do so can be grounds for cancellation of a domain name registration. In the real world, however, most people don’t keep this information updated and many don’t provide valid information in the first place (the latter actually being a good thing in this instance).

    Google has confirmed that the bug has since been fixed but for many, the damage has already been done. At the very least, it would seem that a refund or account credit is in order for the $6 per month users paid for nothing.

    Permalink to story.

     
  2. davislane1

    davislane1 TS Evangelist Posts: 3,549   +2,352

    ICANN may advise keeping WHOIS data up to date, but that isn't the issue here.

    Somebody, somehwere, missed this flaw. Therefor, there is only one pertinent question: WHODONEIT?
     
  3. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,508   +501

    A user's privacy being disclosed is worth a lot more than $6.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...