By Tim Gray TechNewsWorld Part of the ECT News Network
01/23/07 3:53 PM PT
Google reported that it has fixed the error that compromised the sensitive personal data of more than a dozen individuals by making it available on its public phishing blacklist. Although just a small number of people were involved, the gaffe raised doubts over the search giant's ability to protect user privacy.
Google (Nasdaq: GOOG) unwittingly disclosed sensitive login and password information of more than a dozen users, opening up a can of worms for the search giant by exposing a flaw in its anti-phishing tool.
The security snafu was discovered in Google's anti-phishing extension for the Firefox Web browser, according to security vendor Finjan, which first discovered the vulnerability on Jan. 3.
The extension accidentally gathered some users' e-mail addresses and passwords, and then posted the information on the company's online phishing blacklist, which consists of thousands of fraudulent URLs reported to Google's anti-phishing tool.
Getting the Word Out
The Mountain View, Calif.-based firm said it has removed the information from the public blacklist.
"We are in the process of notifying the users who inadvertently disclosed this information and suggesting that they reset associated passwords," Google said.
Google has since implemented a tool that can tell when a submitted URL contains log-in data and prevents that information from getting posted to the list. So far, there has been no indication that the data has been abused, according to the company.
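A filter of the kind described above can be sketched as follows. This is an added example, not Google's tool or code from the article; the function names, the list of parameter-name hints and the sample URLs are assumptions, and it redacts the sensitive values rather than dropping the whole report.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed name fragments that suggest credentials or session state (not from the article).
# Over-matching is acceptable here: redacting too much is the safe failure for a public list.
SENSITIVE_HINTS = ("pass", "pwd", "user", "login", "mail", "token", "session", "sid", "auth")
REDACTED = "REDACTED"


def _is_sensitive(name, value):
    """Flag a parameter by its name, or by an e-mail-shaped value under any name."""
    if any(hint in name.lower() for hint in SENSITIVE_HINTS):
        return True
    local, at, domain = value.rpartition("@")
    return bool(at and local and "." in domain)


def _scrub(pairs_text, where, findings):
    """Redact sensitive values in a key=value&... string (query or fragment)."""
    if "=" not in pairs_text:
        return pairs_text  # plain anchor or empty string: nothing to parse
    cleaned = []
    for name, value in parse_qsl(pairs_text, keep_blank_values=True):
        if _is_sensitive(name, value):
            findings.append(f"{where}:{name}")
            value = REDACTED
        cleaned.append((name, value))
    return urlencode(cleaned)


def sanitize_reported_url(url):
    """Return (publishable_url, findings) for one user-reported phishing URL."""
    parts = urlsplit(url)
    findings = []
    netloc = parts.netloc
    if "@" in netloc:
        # user:password@host form: keep only host[:port]
        findings.append("userinfo")
        netloc = netloc.rpartition("@")[2]
    query = _scrub(parts.query, "query", findings)
    fragment = _scrub(parts.fragment, "fragment", findings)
    return urlunsplit((parts.scheme, netloc, parts.path, query, fragment)), findings


if __name__ == "__main__":
    # Constructed sample report; host and values are made up.
    sample = "http://user:secret@login.example.test:8080/verify.php?email=alice%40example.test&passwd=hunter2&lang=en"
    print(sanitize_reported_url(sample))
```

A non-empty findings list can also be used to hold the report back for review instead of publishing the redacted form.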
Containing the Breach
Although the incident exposed just a relatively small number of users to potential headaches such as identity theft, the log-in information contained on 15 URLs submitted through Google's Firefox toolbar could have easily created many more problems, Yuval Ben-Itzhak, Finjan's chief technology officer, told TechNewsWorld.
Luckily for users of the service, however, most of the URLs on the list didn't have log-in information.
Because users generally have a single Web password for most of their online accounts, the "sensitive information could potentially have been used to compromise user privacy, and could even have been used for identity theft or financial profit," he said.
The breach is similar to an incident last summer in which AOL accidentally exposed millions of search queries from its Web portal. Many of those queries contained private data that was made public on the company's research Web site.
Preventing Future Problems
To prevent similar incidents, Finjan recommends that Web surfers employ different usernames and passwords for sites they visit, and disable URL sharing and forwarding functions.
"After examining the data provided in these files, Finjan found that sensitive user information was available on the Web with no access protection, including e-mails, usernames, passwords and session tokens that could be used by hackers to compromise users' privacy," Ben-Itzhak said.
Finjan has posted a photo of the list containing the URLs on its Web site, with the sensitive information blacked out.