Google managed to leak full hidden WHOIS data for 282,867 domains registered through the Google Apps for Work service.
These domains account for 94 per cent of the addresses Google Apps has registered through a partnership with registrar eNom, including services which charge extra money to keep their users' data private.
The data, including names, phone numbers, physical addresses and e-mail addresses, started leaking in 2013, after a software malfunction in Google Apps.
The bug caused the data to become public once a domain registration was renewed. Cisco's Talos Security Intelligence and Research Group discovered it on February 19 and five days later the leak was plugged.
However, it's not just the good guys whose information has been leaked. Bad guys have also been exposed, and as Cisco researchers Nick Biasini, Alex Chiu, Jaeson Schultz, Craig Williams, and William McVey wrote, some of them will have some 'splaining to do':
"For example, the domain 'federalbureauinvestigations.com' has an extremely poor web reputation score. Another domain, 'hfcbankonline.com', also possesses a similarly poor web reputation score (we can only speculate as to the reason).
"Of course, it is well-known that many WHOIS registration details can easily be forged. In the event that the WHOIS record clearly contains false data, that information can still be used for the sake of threat attribution, as was the case of the String of 'Paerls' investigation."
A Google spokesman said the bug resided in the way Google Apps integrated with eNom's domain registration program interface, Ars Technica reports.
It was reported through Google's Vulnerability Rewards Program. The spokesman said the root cause has been identified and fixed.