Misconfigured Google Groups are leaking a lot of sensitive data
Misconfigured Google Groups may accidentally be spewing private conversations over the internet.
Why it matters: A study by Kenna Security, published Friday, found that of the 9,600 public Google Groups it identified by researching domains held by some of the largest websites, around a third leaked email sent through the platform.
Kenna lists a sampling of the email subjects it found:
- Re: Document(s) for Review for Customer [REDACTED]. Group: Accounts Payable
- Re: URGENT: Past Due Invoice. Group: Accounts Payable
- Fw: Password Recovery. Group: Support
- GitHub credentials. Group: [REDACTED]
- Sandbox: Finish resetting your Salesforce password. Group: [REDACTED]
- RE: [REDACTED] Suspension Documents. Group: Risk and Fraud Management
What now: Google posted instructions to bolster privacy in apparent response to the study. Simple changes to settings could prevent the emails from being visible to the public.
Where have I heard this before? The Google issue is similar to other leaky data problems caused by misconfigured settings, including a number of cloud storage accounts and web databases that researchers have discovered over the past few years.