280 thousand WHOIS information registered in Google Apps leaked, name and address after 2013 mid-term that should be undocumented leaked out


ByChristian Ditaputratama

Google Apps for WorkDomain information such as name, address, e-mail address etc. registered in private information is supposed to be hidden originally by choosing private option, but it should not be opened to the public, but more than 280 thousand domain informationWHOISIt was found that it was registered directly.

Epic Google snafu leaks hidden whois data for 280,000 domains | Ars Technica
http://arstechnica.com/security/2015/03/epic-google-snafu-leaks-hidden-whois-data-for-280000-domains/

Be a Google partnerENomProvides a domain management tool, and as one of its services you can pay 6% additional fee per year so that you do not disclose your personal information during domain registration. As long as court orders do not go down, the information is kept confidential by eNom's hands and not open to the public, so Google Apps users have been able to use this service for free. However, it turned out that 280,286 cases of domain information of users who were registered in Google Apps and hidden via eNom were actually in the open state.

Computer network equipment development companyCisco Systems G.K.According to the investigation, from the middle of 2013 personal information such as name, telephone number, address, mail address leaked due to Google Apps defect. Once the information that was registered as private was updated to a public status by updating the domain registration due to a bug, he said. Cisco Systems noticed the situation in February 2015 and the bug was fixed after 5 days, but the information continued to flow for about two years.

ByRon Bennetts

The WHOIS data often uses pseudonyms and lie addresses, etc. Although the reliability of registered information is low in the first place, "Google insists that" information is kept secret " Many people have handed out the correct information for reasons. Also, even if it is lie information, there is some connection between the principal and the organization where information is registered, so it is said that a malicious person can extract information from there as well.

Google sent explanations on this matter to users on March 12, 2015. "I am sorry to inform you that there was a flaw in Google Apps domain registration system.I am sorry indeed.We have already dealt with this flaw.I was choosing domain information privately as an option Customers did not post information in WHOIS during the first year of registration, but due to a defect in the Google Apps domain renewal system, when renewing the domain registration from the following year, it is not covered by eNom's domain delegation service As a result, your information was registered directly in WHOIS "was written in the e-mail.

Accessing over 280,000 personal information registered directly to WHOIS is not easy for amateurs. However, Cisco Systems researchers pointed out the problem as "people with the purpose of finding information are not difficult." Currently it is domain information that is in a private state again, but in the past two years malicious someone got information and selling it in the black market is said that it is not amusing.

ByPerspecsys Photos

in Software, Posted by logq_fa