December 1, 2020

Problem With Google Apps’ Domain Name Registration System Causes Private WHOIS Data to Leak For Nearly 283,000 Domains

From Cisco Talos:

In mid-2013, a problem occurred that slowly began unmasking the hidden registration information for owners’ domains that [our emphasis] had opted into WHOIS privacy protection [and paid an additional fee for the service]. These domains all appear to be registered via Google App, using eNom as a registrar. At the time of writing this blog, there are 305,925 domains registered via Google’s partnership with eNom. 282,867 domains, or roughly 94% appear have been affected. (Google reports that new domains which have not faced a renewal period are not affected and many businesses do not opt into their privacy service.) The information disclosed included full names, addresses, phone numbers, and email addresses for each domain. The information was leaked in the form of WHOIS records.

[Clip]

Cisco Talos became aware of this problem and immediately notified the Google security team. Within days the privacy settings were restored to the affected domains.

[Our emphasis] However, the Internet never forgets. Affected users need to realize that this information has been publicized. These records will continue to be available to anyone with access to a cached database of WHOIS information.

Read the Complete Blog Post for More Details

Coverage

About Gary Price

Gary Price (gprice@mediasourceinc.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. Before launching INFOdocket, Price and Shirl Kennedy were the founders and senior editors at ResourceShelf and DocuTicker for 10 years. From 2006-2009 he was Director of Online Information Services at Ask.com, and is currently a contributing editor at Search Engine Land.

Share