Cisco security researchers recently revealed that since mid-2013, a bug in Google Apps made the WHOIS information on 282,867 domains available publically despite the fact that owners had specifically requested such information remain private.
The issue is limited to those that used Google Apps for Work and registered a domain, a service that Google offered through a partnership with eNom. For an additional $6 per year, owners could have their personal information shielded from public view – a common service offered by registrars.
A software defect in the domain renewal system made this hidden information public for all to see after a domain was renewed.
WHOIS information often contains personal data about the person that registered a domain including name, address, e-mail address and phone number.
The Internet Corporation for Assigned Names and Number (ICANN) notes that WHOIS information should be kept up-to-date and failing to do so can be grounds for cancellation of a domain name registration. In the real world, however, most people don’t keep this information updated and many don’t provide valid information in the first place (the latter actually being a good thing in this instance).
Google has confirmed that the bug has since been fixed but for many, the damage has already been done. At the very least, it would seem that a refund or account credit is in order for the $6/year users paid for nothing.