Data leakage is an increasing problem these days, but it’s not always hackers who are to blame for the spillage of confidential information. Sometimes it’s directly the fault of the company itself – as is the case with misconfigured Google Groups settings affecting an alarming number of firms.
This is according to security outfit RedLock Cloud Security Intelligence, which has highlighted the errant sharing settings apparently used by hundreds of organisations including The Weather Company (which operates Weather.com), Freshworks (helpdesk software), SpotX (video ad platform) and Fusion Media Group (parent of Gizmodo, Lifehacker and more).
Google Groups facilitates the creation and management of online forums and email groups, but when configuring a group, RedLock observes that some companies have set the sharing option for ‘outside this domain – access to groups’ to ‘public on the internet’.
This mistake unfortunately means that all the contents of the messages can be accessed by anyone on the web, and it exposes information including names, addresses, emails, and unfortunately customer passwords and even figures for the salary of staff members.
Hopefully any affected firms will have already fixed this issue having had their attention drawn to it, or will be in the process of doing so right now. As mentioned, the last thing we need is more data exposure via self-sabotage when there’s enough danger from probing hackers out there.