Hundreds of companies spilling data via Google Groups configuration mistakes

Data leakage is an increasing problem these days, but it’s not always hackers who are to blame for the spillage of confidential information. Sometimes it’s directly the fault of the company itself – as is the case with misconfigured Google Groups settings affecting an alarming number of firms.

This is according to security outfit RedLock Cloud Security Intelligence, which has highlighted the errant sharing settings apparently used by hundreds of organisations including The Weather Company (which operates, Freshworks (helpdesk software) and Fusion Media Group (parent of Gizmodo, Lifehacker and more).

Going public

Google Groups facilitates the creation and management of online forums and email groups, but when configuring a group, RedLock observes that some companies have set the sharing option for ‘outside this domain – access to groups’ to ‘public on the internet’.

This mistake unfortunately means that all the contents of the messages can be accessed by anyone on the web, and it exposes information including names, addresses, emails, and unfortunately customer passwords and even figures for the salary of staff members.

Hopefully any affected firms will have already fixed this issue having had their attention drawn to it, or will be in the process of doing so right now. As mentioned, the last thing we need is more data exposure via self-sabotage when there’s enough danger from probing hackers out there.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).