Google leaks small biz stats to random people
Traffic data snafu blamed on 'human error'
Google has inadvertently leaked web traffic data for multiple small businesses to random third-parties across the web.
On January 7, web marketing consultant David Dalka received an email from Google that included traffic stats from its Local Business Center. This is a portal where small businesses can add themselves to Google's local search index and track visits to such listings. Dalka uses the Local Business Center on behalf of multiple clients, but the email detailed November 2009 data for a company called Boscos, an outfit he'd never heard of.
The email included the number of times Boscos had appeared in Google's local search results during the month, the number of users who clicked on the listing, the number who clicked for "more info," the number who clicked for driving directions, and the number who clicked on the company's website.
After digging up a recent Tweet from someone who'd received a similar email, he blogged about the incident, and several others responded to say they too had received detailed Google traffic info for unfamiliar merchants.
In each case, the email details November 2009 stats for a seemingly random business, and among the emails that are now public, the business is never the same.
At least some users received an apology, in which Google acknowledged the emails. When we contacted the company, it did much the same - though it played down the incident, saying it had sent "incorrect information" to less an one per cent of its LBC users. It's unclear how many users it claims.
"We send a monthly newsletter to our Local Business Center users, featuring product news and a glimpse at statistics about the traffic Google properties drive to their listing," read a statement from a company spokeswoman. "Shortly after sending the newsletter to a small portion of our users (less than 1%), we discovered that some emails included incorrect business listing information.
But when asked if the "incorrect information" was data related to real third-party business, the spokeswoman confirmed that it was.
The company blames the leak on "human error".
"We promptly stopped sending any further emails and investigated the cause," the statement continued, "which we found to be a human error while pulling together the newsletter content.
"We'd like to apologize to all the business owners affected and assure all our users that we're working hard to ensure that nothing similar will happen again. Those affected should have all received a corrected email."
In his blog post, David Dalka compares Google's snafu to AOL's infamous 2006 data breach, remembering Eric Schmidt's claim that his company would never follow in AOL's footsteps. "Our number one priority is the trust that our users have and that would be a violation of trust, so the answer is, it won’t happen," Schmidt said in 2006.
This is a tad different. AOL leaked search data for individual users. Google has leaked traffic data for small businesses. But at least some of Dalka's concern is warranted - however many users Google leaked those stats too. After all, this is Google - a company that may house more data about the world's people and businesses than any other, with more streaming in by the day.
"The Internet is about trust. Lose it and it's hard to get back. If I were sitting on Google's board of directors, I'd certainly be asking the management team about what caused this apparently haphazard communication of private data and what internal controls will be changed to prevent a future similar event," Dalka told The Reg.
"Google randomly exposing analytics data to various people concerns me. It makes me wonder what other processes could this happen with at Google? How will businesses' privacy be protected from Google?" ®
Sponsored: Global DDoS threat landscape report