Google has accidentally leaked about 283,000 website owners’ personal details in 2013 and it was only discovered two years later.
Reports said the fault first appeared back in mid-2013 but it has only recently been discovered and fixed.
The error was identified by security researchers at CISCO.
Craig Williams, senior technical leader for Cisco’s Talos research group who discovered the issue, said he stumbled across the problem last month while doing research on domains associated with malware.
The privacy breach involves whois, a database that contains contact information for people who have bought domain names.
The owners of the websites in question had all opted into “WHOIS privacy protection,” which means owners can elect to make information private, often by paying an extra fee. So if someone WHOISes — or queries — the website, the personal details of the individual who registered it are hidden.
Nearly 306,000 websites domains were registered this way but Cisco found that 282,867 or 94% of them have had their personal details unmasked due to a fault in Google’s code.
A Google software problem inadvertently exposed the names, addresses, email addresses and phone numbers used to register websites after people had chosen to keep the information private.
Williams said the data will make it easier for cybercriminals to draft phishing emails that try to trick victims into divulging information or clicking on malicious links. TRENDS.NG