An Indian cybersecurity expert, Avinash Jain, recently discovered that Google’s calendar service may be exposing sensitive data of users online.
According to his findings, thousands of Google Calendars were found to be exposing private data and more than 8000 calendars were indexed in Google’s search engine which means anyone can access it randomly.
The issue isn’t exactly security vulnerability per se because Google configured it as such for better collaboration between users to share event reminders and organize better.
The problem is that sensitive information such as presentation links, employee email, addresses about various organizations are exposed and a single mistake from any employee could result in organizational data getting public.
Google lists all publicly shared calendars and grants access to anyone who makes an advanced search query which means that sensitive data is in their hands. Also, it worsens as Google doesn’t notify about any activity in the Google Calendar even if a third-party accesses it and adds an event.
To protect data from unwanted actors, users can make sure that they’re not unknowingly making the data public. It is also possible for the users to create an alert manually if their calendar is made public without their knowledge.
BhartiAirtel to invest $673 million in its Nxtra data center expansion
Google fined $177 million by South Korea for blocking Android customization
BrakTooth vulnerability found to be affecting billions of Bluetooth devices
South Korea bill to restrict Apple and Google from charging app store commissions
Google and facebook plans new undersea data cable
© 2021 CIO Bulletin. All rights reserved.