New Delhi: Search engine Google has reportedly leaked the personal details of more than 2,80,000 users' data accidentally. Leaked information includes "full names, addresses, phone numbers, and email addresses."
The fault in Google codes were tracked in mid-2013 but it has been discovered recently and fixed.
The security researchers found the fault in Google codes at Cisco where 305,925 websites domains were registered but only 282,867 of them (94%) have had their personal details unmasked.
The vulnerability affects websites registered via Google Apps for work, using the registrar eNom. The owners of the websites in question had all opted into "WHOIS privacy protection," which means that when someone WHOISes — or queries — the website, the personal details of the individual who registered it are hidden.
The user's data were put at stake as it increased the possibilities of fraud and identity theft.
According to Google, users' affected domains are now back to being private.
Google was also quick to point out that the data leak was limited solely to the domain-registration information and nothing stored in Google Apps.
Here's the message Google Apps customers received:
Dear Google Apps Administrator,
We are writing to notify you of a software defect in Google Apps' domain registration system that affected your account. We are sorry that this defect occurred. We want to inform you of the incident and the remedial actions we have taken to resolve it.
When the unlisted registration option was selected, your domain registration information was not included in the WHOIS directory for the first year. However, due to a software defect in the Google Apps domain renewal system, eNom's unlisted registration service was not extended when your domain registration was renewed. As a result, upon renewal and from then on forward, your registration information was listed publicly in the WHOIS directory.