Skip to main content

Google software glitch exposes personal details of 280,000 Google Apps domain owners

The failed privacy add-on offered by Google's domain registration partner

The failed privacy add-on offered by Google’s domain registration partner

More than a quarter of a million people who had opted to keep their contact details private when registering web domains through a Google Apps service have had that information made public as a result of a software glitch by Google.

Usually when you buy a domain name, your name, address, phone number and email list are all made available to anyone who wants to view them by using a WHOIS lookup service. Most domain registrars offer a way around this, where their details, rather than yours, are listed. The $6/year privacy add-on offered by Google’s domain registration partner eNom failed when the domains were renewed, leaving the customer’s details exposed … 

Networking company Cisco found that of the 305,925 domains registered through the service, 94% of them–282,867–were affected. It found that the problem began in the middle of 2013, but was only discovered last month. Google began investigating the same day it was reported, and emailed customers yesterday to inform them and apologize.

Dear Google Apps Administrator,We are writing to notify you of a software defect in Google Apps’ domain registration system that affected your account. We are sorry that this defect occurred. We want to inform you of the incident and the remedial actions we have taken to resolve it.

When the unlisted registration option was selected, your domain registration information was not included in the WHOIS directory for the first year. However, due to a software defect in the Google Apps domain renewal system, eNom’s unlisted registration service was not extended when your domain registration was renewed. As a result, upon renewal and from then on forward, your registration information was listed publicly in the WHOIS directory.

The availability of the data potentially leaves customers at risk of both increased spam and phishing attacks.

It’s not ideal timing for Google, the issue coming to light as Google is publicly beta-testing its own domain registration service following an invitation-only phase last June.

Although Google has fixed the problem, as TNW notes, the data will still be available through many WHOIS lookup sites who index data when it is published or changed.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel