Private data leaks suck, and unfortunately there have been plenty of them over the past few years – and now Google joins the ranks of other companies as the private information regarding the registrations of 280,000 domain names registered via Google Apps has been leaked. Security research group Cisco Talos had noticed a problem that seems to have existed since 2013 and has been slowly revealing the hidden registration information for domains that had opted into Whois privacy protection as they were renewed. Full names, addresses, phone numbers, and email addresses for each domain have been leaked in the form of Whois records.
There are around a total of 305,925 domains registered via Google’s partnership with eNom. Of these 282,867 domains, around 94 percent seem to have been affected. Google says that new domains that haven’t yet faced a request for renewal are not affected and of course some registrants choose not to hide their details anyway and won’t be affected by this data leak.
Luckily Cisco Talos notified Google immediately within days the privacy settings were restored to the affected domains. Google issued a notice to affected customers yesterday once it was sure the problem had been resolved. However, the information has been available for a long time, so sadly anyone with a cached copy of Whois information will still be able to access it.