Feeds

Google Docs suffers serious security lapse

Cloudbusting bug shares documents

Combat fraud and increase customer satisfaction

Google confessed to a serious bug in its Docs sharing system over the weekend, but downplayed the security cockup by claiming only a tiny number of users had been affected.

The internet search kingpin said that less than 0.05 per cent of Google Docs accounts were hit by a privacy breach after documents were shared “inadvertently” with other users.

Mountain View said in a blog post, penned by Docs product manager Jennifer Mazzon, that the security lapse was “limited to people with whom the document owner, or a collaborator with sharing rights, had previously shared a document.”

She claimed that very “few users” would have been affected by the bug “because it only could have occurred for a very small percentage of documents, and for those documents only when a specific sequence of user actions took place.”

Google said the error was limited to its Docs system within Google Apps and did not affect its spreadsheet system, though some presentations were also hit by the error.

The company fixed the bug by using what it described as an “automated process to remove collaborators and viewers from the documents” that had been exposed to the security glitch.

In other words it stripped all sharing privileges from the documents affected by the bug and then informed affected users that they would have to manually re-share their documents.

“We're sorry for the trouble this has caused. We understand our users' concerns (in fact, we were affected by this bug ourselves) and we're treating this very seriously,” said Mazzon.

Google has recently been attempting to woo businesses away from desktop-based Office suites in favour of adopting the company's cloud-based Apps system.

In January Google confirmed it had inked deals with IT resellers to sell its online applications to biz customers. From the end of this month authorised resellers will be able to flog, customise and support premium versions of Google Apps.

However, this latest bug could lead some businesses to conclude that pushing their personal information up into the clouds simply poses too big a security risk. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.