Google Exposes 300,000 WHOIS Domains in Privacy Snafu

Cisco has exposed a major WHOIS privacy flaw in nearly 300,000 domains registered via Google Apps, exposing users to potential phishing attacks and identity theft.

The networking giant’s Talos security group claimed in a blog post that the issue occurred in mid-2013, revealing the WHOIS registration details of domain owners who had explicitly opted to keep their information private.

The domains were all registered via Google Apps using eNom as the registrar, and roughly 94% of the 305,925 registered domains were affected, according to Cisco.

The irony is that the privacy service was explicitly created to prevent the kind of identity theft now made possible by the snafu.

The information exposed apparently included full names, addresses, phone numbers, and email addresses for each domain.

Google sent out the following note to Apps administrators:

“When the unlisted registration option was selected, your domain registration information was not included in the WHOIS directory for the first year. However, due to a software defect in the Google Apps renewal system, eNom’s unlisted registration service was not extended when your domain registration service was renewed. As a result, upon renewal and from then on forward, your registration information was listed publicly in the WHOIS directory.”

Cisco warned that those who have had their private details exposed are at a heightened risk of spear phishing and identity theft.

Although Google’s security team restored the privacy settings “within days” of being notified by Cisco, the firm warned that “the internet never forgets.”

“Affected users need to realize that this information has been publicized. These records will continue to be available to anyone with access to a cached database of WHOIS information,” Cisco added.

“Organizations that handle any sensitive information must ensure that the appropriate systems are safeguarded and that the processes handle failure gracefully. In this instance, a simple check on domains changing state from being privacy protected to not being privacy protected could have identified the problem as it started to occur.”
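
The check described in the quote above, as an added example (not code from Cisco, Google or the original article): it compares successive WHOIS snapshots per domain and reports any transition from privacy-protected to exposed, noting whether it coincided with a renewal. The snapshot fields, the `PRIVACY_MARKERS` heuristic and the sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Assumed heuristic: substrings that mark a registrant field as a privacy proxy.
PRIVACY_MARKERS = ("privacy", "proxy", "redacted")

def is_privacy_protected(record):
    """True if the registrant name or email carries a privacy-proxy marker."""
    fields = (record["registrant_name"], record["registrant_email"])
    return any(m in f.lower() for f in fields for m in PRIVACY_MARKERS)

def find_privacy_regressions(snapshots):
    """Return one finding per protected -> exposed transition, per domain."""
    by_domain = defaultdict(list)
    for s in snapshots:
        by_domain[s["domain"]].append(s)
    findings = []
    for domain, history in sorted(by_domain.items()):
        history.sort(key=lambda s: s["seen"])  # snapshots may arrive unordered
        for prev, curr in zip(history, history[1:]):
            if is_privacy_protected(prev) and not is_privacy_protected(curr):
                findings.append({
                    "domain": domain,
                    "last_private": prev["seen"],
                    "first_exposed": curr["seen"],
                    # Expiry moved between snapshots: change coincided with a renewal.
                    "at_renewal": prev["expires"] != curr["expires"],
                })
    return findings

def snap(domain, seen, expires, name, email):
    return {"domain": domain, "seen": seen, "expires": expires,
            "registrant_name": name, "registrant_email": email}

# Constructed sample snapshots (not real WHOIS data).
SAMPLE = [
    snap("example-a.test", date(2013, 7, 10), date(2014, 6, 1), "Jane Doe", "jane@example-a.test"),
    snap("example-a.test", date(2013, 1, 10), date(2013, 6, 1), "Privacy Proxy Service", "a@proxy.invalid"),
    snap("example-b.test", date(2013, 1, 10), date(2013, 6, 1), "Privacy Proxy Service", "b@proxy.invalid"),
    snap("example-b.test", date(2013, 7, 10), date(2014, 6, 1), "Privacy Proxy Service", "b@proxy.invalid"),
    snap("example-c.test", date(2013, 1, 10), date(2013, 6, 1), "John Roe", "john@example-c.test"),
    snap("example-c.test", date(2013, 7, 10), date(2014, 6, 1), "John Roe", "john@example-c.test"),
]

if __name__ == "__main__":
    for f in find_privacy_regressions(SAMPLE):
        print(f)
```

Only `example-a.test` is reported: `example-b.test` stayed protected through its renewal and `example-c.test` was never protected, so neither is a regression.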