Jun 1, 2018 - Technology

Misconfigured Google Groups are leaking a lot of sensitive data

Joe Uchill

Photo: Chesnot/Getty Images

Misconfigured Google Groups may accidentally be spewing private conversations over the internet.

Why it matters: A study conducted by Kenna Security published Friday found that, out of 9,600 public Google Groups it found by researching domains held by some of largest web sites, around a third leaked email sent through the platform.

Kenna lists a sampling of the email subjects it found:

Re: Document(s) for Review for Customer [REDACTED]. Group: Accounts Payable
Re: URGENT: Past Due Invoice. Group: Accounts Payable
Fw: Password Recovery. Group: Support
GitHub credentials. Group: [REDACTED]
Sandbox: Finish resetting your Salesforce password. Group: [REDACTED]
RE: [REDACTED] Suspension Documents. Group: Risk and Fraud Management

What now: Google posted instructions to bolster privacy in apparent response to the study. Simple changes to settings could prevent the emails from being visible to the public.

Where have I heard this before? The Google issue is similar to other leaky data problems caused by misconfigured settings, including a number of cloud storage accounts and web databases that researchers have discovered over the past few years.

Add Axios on Google

Misconfigured Google Groups are leaking a lot of sensitive data

What to read next