
Google Groups still leaking internal data

By Patronum

June 02, 2018

Read Time: < 1 mins

    Last July, we told you how RedLock researchers discovered that many organisations using Google Workspace had unintentionally exposed internal emails by misconfiguring their Google Groups settings. Unfortunately, almost 12 months later, it seems that Google Workspace administrators are still running misconfigured Google Groups that expose personal and confidential information to the public Internet.

    This month, the Kenna Security Research Team reported in their blog that 9600 organisations have public Google Groups settings and 31% are currently leaking sensitive e-mail information. This sample includes Fortune 500 organizations, hospitals, universities and colleges, newspapers and television stations, and even US government agencies.

    Anyone can check whether their company has publicly listed Google Groups by following this link, which shows the organization’s public listing if it is publicly accessible: https://groups.google.com/a/[DOMAIN]/forum/#!forumsearch/

    As an administrator, you should also check your Google Workspace Google Groups settings via the Google Admin console. This should be set to “Private” – unless you’re explicitly using the Google Groups web interface as a forum.
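
    One way to flag public groups across a domain, as an added example that is not from the original post or from Google: it assumes each group's settings have been exported in the shape of the Groups Settings API `groups` resource, and the sample data, group addresses and function names are constructed. It also flags open join and open posting, which goes slightly beyond the public-view setting discussed above.

```python
import json

# Constructed sample: one entry per group, shaped like the Groups Settings API
# "groups" resource. Addresses and values are made up for illustration.
SAMPLE_SETTINGS = json.loads("""
[
  {"email": "hr@example.com", "whoCanViewGroup": "ANYONE_CAN_VIEW",
   "whoCanJoin": "INVITED_CAN_JOIN", "whoCanPostMessage": "ALL_MEMBERS_CAN_POST"},
  {"email": "support@example.com", "whoCanViewGroup": "ALL_MEMBERS_CAN_VIEW",
   "whoCanJoin": "ANYONE_CAN_JOIN", "whoCanPostMessage": "ANYONE_CAN_POST"},
  {"email": "eng@example.com", "whoCanViewGroup": "ALL_MEMBERS_CAN_VIEW",
   "whoCanJoin": "INVITED_CAN_JOIN", "whoCanPostMessage": "ALL_MEMBERS_CAN_POST"}
]
""")

# Setting name -> (value that opens the group to the Internet, why it matters).
RISKY = {
    "whoCanViewGroup": ("ANYONE_CAN_VIEW", "conversations are readable by any Internet user"),
    "whoCanJoin": ("ANYONE_CAN_JOIN", "any Internet user can join the group"),
    "whoCanPostMessage": ("ANYONE_CAN_POST", "any Internet user can post to the group"),
}

def audit_group(settings):
    """Return (setting, reason) findings for one group's settings dict."""
    findings = []
    for key, (bad, reason) in RISKY.items():
        value = settings.get(key)
        if value is None:
            # A missing field must not pass silently as "private".
            findings.append((key, "setting missing from export, verify manually"))
        elif value == bad:
            findings.append((key, reason))
    return findings

def audit_domain(groups):
    """Map group email -> findings, listing only groups with at least one finding."""
    report = {}
    for group in groups:
        findings = audit_group(group)
        if findings:
            report[group["email"]] = findings
    return report

if __name__ == "__main__":
    for email, findings in audit_domain(SAMPLE_SETTINGS).items():
        for key, reason in findings:
            print(f"{email}: {key} -> {reason}")
```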


    Kenna Security reported their findings to Google, who decided that this wasn’t a vulnerability and recorded a “won’t fix” status. While this isn’t technically a vulnerability, Google could make things a little clearer for its Google Workspace administrators, for example by flagging public Google Groups. It also seems a UX/UI flaw to display the “dangerous” setting slightly bolder than the rest, as administrators may think that it is the recommended default setting.
