Google Apps leaks WHOIS data of 280,000 domains
Posted by: Timothy Weaver on 03/14/2015 08:42 AM
Hundreds of thousands of domain registrants have been notified by Google that their private WHOIS information has been exposed, opening them up to identity theft, phishing scams and more.
The problem, according to researchers from Cisco Talos, likely lies with one of Google’s registrar partners, eNom, and affects 94 percent of the 305,925 domains registered through the partnership.
“Of course, it is well-known that many WHOIS registration details can easily be forged. In the event that the WHOIS record clearly contains false data, that information can still be used for the sake of threat attribution,” Cisco said.
“The obvious risk here is that some of these individuals who have been unmasked may now be in some form of danger as a result of their connection with the domain registration,” Cisco said. “Privacy remains a key issue of concern for individuals and organizations of all sizes. In the case of WHOIS data and privacy protection, it’s clear that there is value in protecting domain registration information from being published given the 94% opt-in rate.”
Google sent out the following note to Apps administrators:
“When the unlisted registration option was selected, your domain registration information was not included in the WHOIS directory for the first year. However, due to a software defect in the Google Apps renewal system, eNom’s unlisted registration service was not extended when your domain registration service was renewed. As a result, upon renewal and from then on forward, your registration information was listed publicly in the WHOIS directory.”
However, there is a silver lining: some domains seemingly run by fraudsters have been caught in the kerfuffle, with their probably fake WHOIS records exposed, providing useful intelligence for threat attribution efforts.
Source: InfoSec