Jun 1, 2018 - Technology

Misconfigured Google Groups are leaking a lot of sensitive data

Google logo

Photo: Chesnot/Getty Images

Misconfigured Google Groups may accidentally be spewing private conversations over the internet.

Why it matters: A study conducted by Kenna Security published Friday found that, out of 9,600 public Google Groups it found by researching domains held by some of largest web sites, around a third leaked email sent through the platform.

Kenna lists a sampling of the email subjects it found:

  • Re: Document(s) for Review for Customer [REDACTED]. Group: Accounts Payable
  • Re: URGENT: Past Due Invoice. Group: Accounts Payable
  • Fw: Password Recovery. Group: Support
  • GitHub credentials. Group: [REDACTED]
  • Sandbox: Finish resetting your Salesforce password. Group: [REDACTED]
  • RE: [REDACTED] Suspension Documents. Group: Risk and Fraud Management

What now: Google posted instructions to bolster privacy in apparent response to the study. Simple changes to settings could prevent the emails from being visible to the public.

Where have I heard this before? The Google issue is similar to other leaky data problems caused by misconfigured settings, including a number of cloud storage accounts and web databases that researchers have discovered over the past few years.

Go deeper