Google leaked the complete hidden whois data attached to more than 282,000 domains registered through the company’s Google Apps for Work service, a breach that could bite good and bad guys alike.

The 282,867 domains counted by Cisco Systems’ researchers account for 94 percent of the addresses Google Apps has registered through a partnership with registrar eNom. Among the services is one that charges an additional $6 per year to shield from public view all personal information included in domain name whois records. Rather than being published publicly, the information is promised to remain in the hands of eNom except when it receives a court order to turn it over. (The hidden service was free to Google App users.)

Starting in mid 2013, a software defect in Google Apps started leaking the data, including names, phone numbers, physical addresses, e-mail addresses, and more. The bug caused the data to become public once a domain registration was renewed. Cisco’s Talos Security Intelligence and Research Group discovered it on February 19, and five days later the leak was plugged, slightly shy of two years after it first sprung.

Read the Full Article: Source – Ars Technica
http://arstechnica.com/security/2015/03/epic-google-snafu-leaks-hidden-whois-data-for-280000-domains/

source not found