Breaking news:
ADVERTISEMENT
ADVERTISEMENT
RADP / Pulse Nigeria  >  BI  >  Tech

Your salary info might be exposed due to this common mistake in the Google Groups settings (GOOGL, IBM)

pulse

A configuration error at hundreds of companies has left sensitive information open to the public.

Google's cloud boss Diane Greene can probably see all of that private information anyway.
Google's cloud boss Diane Greene can probably see all of that private information anyway.

Hundreds of companies are inadvertently sharing private information via Google Groups, including everything from employee salary compensation to customer passwords. And it's all thanks to the click of one little button.

An audit from the security intelligence group RedLock found personally identifiable information in publicly accessible messages in the Google Groups for companies including IBM's The Weather Company, Fusion Media Group, the cloud-based help desk software Freshworks, and video ad platform SpotX.

Among the info discovered: sales pipeline data, names, email addresses, home addresses, compensation, and passwords.

Google Groups is a convenient way for companies to sort and manage internal communications. A company can have several groups under its umbrella, which allow employees to participate in group discussions that are relevant to them.

ADVERTISEMENT

Often, companies will access Google Groups through G Suite — a subscription service of Google Cloud products that includes personalized email addresses, Google Docs, and file storage.

However, RedLock discovered that at hundreds of companies, some of these private conversations were publicly accessible. And it all came down to someone clicking the wrong button under Advanced Settings.

"The companies affected by this issue mistakenly chose the 'public on the internet' sharing setting, making all information contained in the messages accessible by anyone on the web," according to RedLock.

Luckily, the fix is simple: Just go into settings for "Outside this domain - access to groups" and set it to private.

Update: In an email to Business Insider, SpotX said that it has resolved the aformentioned concerns.

ADVERTISEMENT

"Our team has completed a very thorough audit of all of our Google Groups to ensure that our communications are tightly secure. We can confirm that all information that is not intended for public use has been locked down to our internal team. In addition, we have updated our group creation requirements. We place the utmost importance on client, partner and employee data, and our team works hard to ensure all data is secure. We will continue to do so."

pulse

Enhance Your Pulse News Experience!

Get rewards worth up to $20 when selected to participate in our exclusive focus group. Your input will help us to make informed decisions that align with your needs and preferences.

I've got feedback!

JOIN OUR PULSE COMMUNITY!

Unblock notifications in browser settings.
ADVERTISEMENT

Eyewitness? Submit your stories now via social or:

Email: eyewitness@pulse.ng

ADVERTISEMENT
ADVERTISEMENT