Google admits to user data disclosure

By

Anti-phishing list logged user names and passwords.

Google admits to user data disclosure
Google has confirmed that it unwittingly disclosed sensitive login and password information pertaining to more than a dozen users. 

The information was disclosed three weeks ago as part of Google's freely accessible anti-phishing blacklist.

Google said in a written statement that the problem has since been fixed, and that procedures have been put in place to strip login information from future submissions.

The information was collected when users submitted suspected phishing sites through the Google Toolbar browser extension. Several of the URLs that were submitted also contained login and password information.

Security firm Finjan said that it first notified Google of the problem on 3 January, and confirmed that the list has since been cleaned of any sensitive user information. 

A Google spokesman told vnunet.com that all users who had information disclosed had been notified "weeks ago". 

The disclosure of usernames and passwords on the internet can be especially dangerous because many people use the same password for every site they visit, explained Finjan.

An attacker who obtained the password for one site could access more sensitive information on other sites, such as credit card numbers or bank account information.

Finjan advised users to avoid using the same password for several accounts, and to install security software and disable URL sharing in their browsers in order to avoid having sensitive data from URLs recorded.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?