Google leaks private details of website owners

Google has inadvertently leaked the names, addresses, phone numbers and email addresses of website owners who opted to keep the information private, researchers have revealed.

The privacy breach - reported today by Cisco researchers - means the contact details of individuals and organisations who have registered internet domains will appear on the whois internet directory service, despite the registrants choosing to keep the information out of the public.

Some domain registries offer registrants the option to keep this information private, sometimes for a fee, which many website owners opt to do.

In Google's case, the company partners with third-party registrars to allow customers who don't already own a domain to purchase one through them for use with Google Apps.

The root cause of the privacy breach was a "software defect" that meant the privacy settings for 94 percent of domain names registered for Google Apps through domain registrar eNom were being automatically switched off when the domains came up for renewal.

The researchers said the problem had existed since mid 2013, with 282,867 domains affected.

"Google reports that new domains which have not faced a renewal period are not affected and many businesses do not opt into their privacy service," the researchers wrote in a blog post.

The leaked information was now at risk of being mined and leveraged for malicious purposes, the researchers said, including spamming, spear phishing or other types of harassment.

Cisco said it immediately notified Google after becoming aware of the problem late last month. The issue was fixed within days, it reported.

Google said it was contacting affected customers.