Welcome to WebmasterWorld Guest from 54.224.200.104

Forum Moderators: goodroi

Message Too Old, No Replies

Google Admits to User Data Disclosure

     
12:45 pm on Jan 23, 2007 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24145
votes: 519


Google has confirmed that it unwittingly disclosed sensitive login and password information pertaining to more than a dozen users.

The information was disclosed three weeks ago as part of Google's freely accessible anti-phishing blacklist.

Google said in a written statement that the problem has since been fixed, and that procedures have been put in place to strip login information from future submissions.

Google Admits to User Data Disclosure [vnunet.com]

2:24 pm on Jan 23, 2007 (gmt 0)

New User

10+ Year Member

joined:June 7, 2006
posts:11
votes: 0


When dealing with information in that magnitude, mistakes happen. At least they didn't give it away for a price. And they were quick to plug the leak and do some PR and let the people know. I would be more concerned it was leaked that they purposefully gave it out.
3:17 pm on Jan 23, 2007 (gmt 0)

New User

10+ Year Member

joined:Apr 19, 2006
posts:15
votes: 0


URL that contains login data? Huh?
4:17 pm on Jan 23, 2007 (gmt 0)

Senior Member

joined:Dec 29, 2003
posts:5428
votes: 0


I remember reading somewhere that Google does not delete it's data at all, meaning that our entire history and thoughts are essentially there. IMO it's only a matter of time before a major leak occurs.
4:32 pm on Jan 23, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 31, 2003
posts:1316
votes: 0


The information was collected when users submitted suspected phishing sites through the Google Toolbar browser extension. Several of the URLs that were submitted also contained login and password information.

Ok, so it wasn't a leak, per se. Users submitted sensitive URLs to Google, and Google automatically published them. I wouldn't really blame Google for that.
5:35 pm on Jan 23, 2007 (gmt 0)

Full Member

10+ Year Member

joined:Mar 23, 2005
posts:331
votes: 0


walkman, you have to be more specific when prophecizing a doomsday for google. A two minute search just revealed several of google's data practices. They vary based on service, but none appear to be as terrible as you suggest.
8:13 pm on Jan 23, 2007 (gmt 0)

Senior Member

joined:Dec 29, 2003
posts:5428
votes: 0


>> A two minute search just revealed several of google's data practices.

I will stand by my "doom and gloom" scenario. Data practices are all fine and dandy, but mistakes do happen, hackers do break in, and most importantly, the police will one day demand them.

For the record: this is not just about Google, it applies to all companies.

12:01 am on Jan 24, 2007 (gmt 0)

New User

10+ Year Member

joined:Apr 22, 2004
posts:10
votes: 0


That's why I tend to use screwgle.

If you've searched using Google, and you've had the same broadband connection at home for 2-3 years (and a static IP), there's a good chance GOOG knows what you've been thinking about for the past few years. If you use Adwords or AdSense, GOOG knows what income you make through GOOG (and your credit card and home/billing address). If your business depends heavily on GOOG PPC or natural SERP they could roughly estimate your business income. If you use Gmail, well - they know who you've been talking to.

That described me, and when I realised it, i started reducing my dependency on GOOG. That's why I avoid GOOG checkouts - it's another collection point of my personal info.

Matt Cutts' declaration in response to the DOJ subpoena mentioned that GOOG limits access to different areas of the company on a need to know basis; but this statement seemed to be more to emphasise the proprietary nature of the algo.

As anyone in large companies know, (even in financial services companies), multiple data stores aren't difficult to access. And it takes just one disgruntled employee who leaves the company to wreak havoc.

GOOG isn't to blame though, its our own personal choice as to how much information we give one entity.

12:16 am on Jan 24, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 25, 2005
posts:419
votes: 0


And just because you're paranoid, doesn't mean they're NOT out to get you!
4:16 am on Jan 24, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 13, 2002
posts:408
votes: 0


more than a dozen users

Even a million is more than a dozen. How many users are they talking about?
5:05 am on Jan 24, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 31, 2003
posts:1316
votes: 0


More than a dozen usually means less than two dozen.
9:42 am on Jan 24, 2007 (gmt 0)

Full Member

10+ Year Member

joined:Nov 12, 2005
posts:227
votes: 0


Then they should have said 'less than two dozen'.
3:03 pm on Jan 24, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 31, 2003
posts:1316
votes: 0


But the point is that it was a very small number of users, and the at-risk population was not Google's entire user base, but only the people who submitted sensitive URLs via the anti-phishing tool.