Problem With Google Apps’ Domain Name Registration System Causes Private WHOIS Data to Leak For Nearly 283,000 Domains

From Cisco Talos:

In mid-2013, a problem occurred that slowly began unmasking the hidden registration information for owners’ domains that [our emphasis] had opted into WHOIS privacy protection [and paid an additional fee for the service]. These domains all appear to be registered via Google App, using eNom as a registrar. At the time of writing this blog, there are 305,925 domains registered via Google’s partnership with eNom. 282,867 domains, or roughly 94% appear have been affected. (Google reports that new domains which have not faced a renewal period are not affected and many businesses do not opt into their privacy service.) The information disclosed included full names, addresses, phone numbers, and email addresses for each domain. The information was leaked in the form of WHOIS records.
[Clip]
Cisco Talos became aware of this problem and immediately notified the Google security team. Within days the privacy settings were restored to the affected domains.
[Our emphasis] However, the Internet never forgets. Affected users need to realize that this information has been publicized. These records will continue to be available to anyone with access to a cached database of WHOIS information.

Read the Complete Blog Post for More Details
Coverage

• Epic Google Snafu Leaks Hidden WHOIS  Data for 280,000 Domains (via ars technica)

• Google Apps WHOIS Error Reveals Hundreds off Thousands Of Domain Owners’ Personal Details (via The Next Web)

Filed under: Data Files, News, Patrons and Users, Reports