Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Minor Google Security Lapse Obscures Ongoing Online Data Risk

Information gathered for Google's Safe Browsing extension for Firefox wasn't safely stored on Google's servers, according to a report issued by computer security company Finjan.

Finjan today confirmed earlier reports that Google's anti-phishing blacklist, containing private user names and passwords, was accessible without protection on Google's servers. The company said that it made the discovery on Jan. 3, that it informed Google, and that the data is no longer publicly accessible.

In a statement, Google explained, "Some URLs users submitted to the Google Safe Browsing project included credential information such as login and/or password for the Web site they were visiting. We have removed this information from URLs in the blacklist and created a process whereby this information is automatically stripped from future URLs submitted by users. In addition, we are in the process of notifying the users who inadvertently disclosed this information and suggesting that they reset associated passwords."

Finjan said in its report, "Such sensitive information could potentially have been used to compromise user privacy, and could even have been used for identity theft or financial profit (as users generally have a single 'Web' password for most of their online accounts)."

It could also be used for marketing, if you happen to be selling security products.

  • 1