Google WHOIS Reveals Android App Users’ Personal Information

01 Apr



Summary:

Domain administrators’ personal information was leaked. The bug affects 94% of the domains registered via Google Apps using eNom. Anyone who buys a domain name online should ideally opt for WHOIS protection, so that the personal information associated with the domain name, which is otherwise publicly visible, is masked. This is optional: users can choose the unlisted registration option. The recent bug revealed personal information, including the names, email addresses, physical addresses and contact numbers of the administrators or other personnel linked to domain names registered through Google Apps (eNom). According to the stats, 305,925 domains are under the eNom umbrella, and 282,867 of them were affected and had their personal information exposed. The first to notice this was Cisco Talos, who immediately informed Google. Google has emailed the administrators to notify them of the issue, and the latest Google news adds that recently registered domains have not been affected, since this has happened only to renewed ones. This means that any domain registered after the issue was exposed is not affected, since its renewal is not due any time soon. Identity theft, data theft and spear phishing are the major risks that arise from exposure of the domains’ personal information.

Description:

Attention all Android users and developers! If you are one of the hundreds of thousands of people who use Android-based smartphones, we have the latest Google news for you. It seems the search engine giant had lately been busy exposing bugs in its competitors’ products, while the company itself was exposed for a bug that leaked the personal information of thousands of App users.

Before we explain the bug itself, let’s see what WHOIS is and what it does. Whenever you register a domain name, it is ideal to use WHOIS protection as a privacy feature. It is considered essential because without it the private information associated with your domain name registration is available to anyone on the Internet. That registration information includes your name, email address, contact numbers and physical address. Nobody would want such significant information exposed for anyone to exploit.

The possible outcomes of such exposure include identity theft, data theft and spear phishing. These attacks can intrude into your email, impersonate you in order to perform online banking, and more. Customers are usually expected to request this protection and pay for it along with the domain name registration fee.

The identifiable information about the registrant of a domain name is stored in the form of a file and is publicly available; that is what WHOIS is. Basically, WHOIS acts like a telephone directory, holding the necessary information about all the domain names on the Internet. This is not optional but an obligation imposed by ICANN (the Internet Corporation for Assigned Names and Numbers), which keeps track of the conventions to be followed when registering a domain name. Privacy protections are used to keep this WHOIS information from being publicly available to anyone and everyone.

The issue occurs when domain names are re-registered (renewed). Data that was previously masked by WHOIS protection is now published as the users’ actual data, and it is already causing threats and dangers. This was first pointed out by Cisco Talos, who immediately informed Google Security. The number of domains whose data and personal information has been exposed is 282,867 out of the 305,925 domains registered through Google’s partnership with eNom. Google News said that new registrants haven’t faced this issue because they haven’t gone through the renewal process. The information was revealed in WHOIS records and included the names, phone numbers, addresses and emails associated with the domains.

According to the latest Google news, the following notification was sent to the administrators of the affected domains:
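A defender's check for the renewal lapse described above, as an added example that is not part of the original article: it compares two WHOIS snapshots of one domain and reports the registrant fields that became public after a renewal. The privacy markers, the domain and both sample records are constructed assumptions.

```python
from datetime import datetime

# Assumed heuristic markers of a privacy/proxy registrant; not an official list.
PRIVACY_MARKERS = ("privacy", "proxy", "redacted", "unlisted")
PERSONAL_FIELDS = ("Registrant Name", "Registrant Street",
                   "Registrant Phone", "Registrant Email")
EXPIRY_FIELD = "Registrar Registration Expiration Date"

def parse_whois(text):
    """Parse 'Key: value' lines of a WHOIS response into a dict (first value wins)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), value.strip())
    return record

def is_masked(record):
    """True when the registrant name or organization looks like a privacy proxy."""
    holder = " ".join(record.get(f, "") for f in
                      ("Registrant Name", "Registrant Organization")).lower()
    return any(marker in holder for marker in PRIVACY_MARKERS)

def privacy_lapsed(before_text, after_text):
    """Return the personal fields exposed by a renewal that dropped the masking."""
    before, after = parse_whois(before_text), parse_whois(after_text)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    renewed = (datetime.strptime(after[EXPIRY_FIELD], fmt)
               > datetime.strptime(before[EXPIRY_FIELD], fmt))
    if renewed and is_masked(before) and not is_masked(after):
        return [f for f in PERSONAL_FIELDS if f in after]
    return []

# Constructed sample records (fictional domain and registrant).
BEFORE = """Domain Name: example-shop.test
Registrar Registration Expiration Date: 2015-02-10T00:00:00Z
Registrant Name: Privacy Proxy Service (constructed)
Registrant Street: PO Box 0000
Registrant Email: proxy-1234@privacy.example
"""
AFTER = """Domain Name: example-shop.test
Registrar Registration Expiration Date: 2016-02-10T00:00:00Z
Registrant Name: Jane Placeholder
Registrant Street: 1 Sample Street
Registrant Phone: +1.5550100199
Registrant Email: jane@example-shop.test
"""

if __name__ == "__main__":
    print(privacy_lapsed(BEFORE, AFTER))
```

Run against snapshots saved before and after each renewal date, an empty result means the masking carried over.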

“Dear Google Apps Administrator, We are writing to notify you of a software defect in Google Apps’ domain registration system that affected your account. We are sorry that this defect occurred. We want to inform you of the incident and the remedial actions we have taken to resolve it.

When the unlisted registration option was selected, your domain registration information was not included in the WHOIS directory for the first year. However, due to a software defect in the Google Apps domain renewal system, eNom’s unlisted registration service was not extended when your domain registration was renewed. As a result, upon renewal and from then on forward, your registration information was listed publicly in the WHOIS directory.”

The domains that had chosen to be protected ended up exposed. The registrants that chose the anonymous or unlisted option were safe. The impact of the leak on the administrators has been severe, as spear phishing is one of the exploits one can expect using the victims’ personal information. Such emails can look authentic because they appear to come from the domain’s administrator. The most important way to protect yourself online is layered protection, which includes firewalls and up-to-date antivirus software, and can also include a honeypot.


Posted on April 1, 2015 in Google, Technology

