Welcome to WebmasterWorld Guest from 54.144.79.200

Forum Moderators: goodroi

Message Too Old, No Replies

Google Admits to User Data Disclosure

     

engine

12:45 pm on Jan 23, 2007 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Google has confirmed that it unwittingly disclosed sensitive login and password information pertaining to more than a dozen users.

The information was disclosed three weeks ago as part of Google's freely accessible anti-phishing blacklist.

Google said in a written statement that the problem has since been fixed, and that procedures have been put in place to strip login information from future submissions.

Google Admits to User Data Disclosure [vnunet.com]

RHeimann

2:24 pm on Jan 23, 2007 (gmt 0)

5+ Year Member



When dealing with information in that magnitude, mistakes happen. At least they didn't give it away for a price. And they were quick to plug the leak and do some PR and let the people know. I would be more concerned it was leaked that they purposefully gave it out.

tinusg

3:17 pm on Jan 23, 2007 (gmt 0)

5+ Year Member



URL that contains login data? Huh?

walkman

4:17 pm on Jan 23, 2007 (gmt 0)



I remember reading somewhere that Google does not delete it's data at all, meaning that our entire history and thoughts are essentially there. IMO it's only a matter of time before a major leak occurs.

mcavic

4:32 pm on Jan 23, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The information was collected when users submitted suspected phishing sites through the Google Toolbar browser extension. Several of the URLs that were submitted also contained login and password information.

Ok, so it wasn't a leak, per se. Users submitted sensitive URLs to Google, and Google automatically published them. I wouldn't really blame Google for that.

rohitj

5:35 pm on Jan 23, 2007 (gmt 0)

10+ Year Member



walkman, you have to be more specific when prophecizing a doomsday for google. A two minute search just revealed several of google's data practices. They vary based on service, but none appear to be as terrible as you suggest.

walkman

8:13 pm on Jan 23, 2007 (gmt 0)



>> A two minute search just revealed several of google's data practices.

I will stand by my "doom and gloom" scenario. Data practices are all fine and dandy, but mistakes do happen, hackers do break in, and most importantly, the police will one day demand them.

For the record: this is not just about Google, it applies to all companies.

varkenjaab

12:01 am on Jan 24, 2007 (gmt 0)

10+ Year Member



That's why I tend to use screwgle.

If you've searched using Google, and you've had the same broadband connection at home for 2-3 years (and a static IP), there's a good chance GOOG knows what you've been thinking about for the past few years. If you use Adwords or AdSense, GOOG knows what income you make through GOOG (and your credit card and home/billing address). If your business depends heavily on GOOG PPC or natural SERP they could roughly estimate your business income. If you use Gmail, well - they know who you've been talking to.

That described me, and when I realised it, i started reducing my dependency on GOOG. That's why I avoid GOOG checkouts - it's another collection point of my personal info.

Matt Cutts' declaration in response to the DOJ subpoena mentioned that GOOG limits access to different areas of the company on a need to know basis; but this statement seemed to be more to emphasise the proprietary nature of the algo.

As anyone in large companies know, (even in financial services companies), multiple data stores aren't difficult to access. And it takes just one disgruntled employee who leaves the company to wreak havoc.

GOOG isn't to blame though, its our own personal choice as to how much information we give one entity.

m0thman

12:16 am on Jan 24, 2007 (gmt 0)

5+ Year Member



And just because you're paranoid, doesn't mean they're NOT out to get you!

vik_c

4:16 am on Jan 24, 2007 (gmt 0)

10+ Year Member



more than a dozen users

Even a million is more than a dozen. How many users are they talking about?

mcavic

5:05 am on Jan 24, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



More than a dozen usually means less than two dozen.

simey

9:42 am on Jan 24, 2007 (gmt 0)

5+ Year Member



Then they should have said 'less than two dozen'.

mcavic

3:03 pm on Jan 24, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



But the point is that it was a very small number of users, and the at-risk population was not Google's entire user base, but only the people who submitted sensitive URLs via the anti-phishing tool.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month