Google admits to user data disclosure

By

Anti-phishing list logged user names and passwords.

Google admits to user data disclosure
Google has confirmed that it unwittingly disclosed sensitive login and password information pertaining to more than a dozen users. 

The information was disclosed three weeks ago as part of Google's freely accessible anti-phishing blacklist.

Google said in a written statement that the problem has since been fixed, and that procedures have been put in place to strip login information from future submissions.

The information was collected when users submitted suspected phishing sites through the Google Toolbar browser extension. Several of the URLs that were submitted also contained login and password information.

Security firm Finjan said that it first notified Google of the problem on 3 January, and confirmed that the list has since been cleaned of any sensitive user information. 

A Google spokesman told vnunet.com that all users who had information disclosed had been notified "weeks ago". 

The disclosure of usernames and passwords on the internet can be especially dangerous because many people use the same password for every site they visit, explained Finjan.

An attacker who obtained the password for one site could access more sensitive information on other sites, such as credit card numbers or bank account information.

Finjan advised users to avoid using the same password for several accounts, and to install security software and disable URL sharing in their browsers in order to avoid having sensitive data from URLs recorded.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
datadisclosuregooglesecuritytouser

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?