Google Groups are private by default. Many businesses have this configured to "Public on the Internet." As a result, Google Groups can leak emails and expose passwords, financial data, and employee names, addresses, and email addresses.
More than 9,600 institutions - including hospitals, universities, media companies, government agencies, and Fortune 500 organizations - have public Google Groups settings. Of these, researchers found 3,000 are currently leaking some form of sensitive email
It's not just customer data at risk. Google Groups configured to Public can also leave corporate data and internal resources open to the Internet. Kenna's investigation unearthed real emails with GitHub credentials, password recovery, invoices, and suspension documents.
https://www.darkreading.com/cloud/google-groups-misconfiguration-exposes-corporate-data/d/d-id/1331951
No comments:
Post a Comment