The Register® — Biting the hand that feeds IT

Feeds

Google tools gaffe let ZOMBIE web admins feast on websites

Dead accounts resurrected to cause merry hell

By John Leyden, 29th November 2012
  • print
  • alert

Customer Success Testimonial: Recovery is Everything

Google potentially allowed former web admins to drive corporate websites off a cliff by resurrecting deleted accounts for its webmaster tools service.

Google Webmaster Tools accounts can be used by anyone to manage their websites, from checking the indexing of pages to fine-tuning their visibility in the dominant search engine. Google's glitch, which revived old or disabled accounts and granted them permission to make alterations, was first noted by search-engine optimisation blogger Dave Naylor.

Although the tools are free to use, they have become quite powerful over the years, and can help make or break a site in terms of visitor numbers. Unauthorised access to the service could be used for all sorts of mischief, Naylor warned:

Webmaster Tools is so much more powerful than it ever was there is a serious risk that damage could be caused to sites by people who no longer have permission to make changes. Things like disavow link lists, de-index urls or the entire site, redirect urls, geolocation alterations… a whole world of pain.

The blunder also opened up access to Google Analytics, allowing ex-employees or contractors to spy on their former employers, Search Engine Journal added.

Fortunately Google resolved the screw-up, according to a statement issued to Searchengineland.com on Wednesday:

For several hours yesterday a small set of Webmaster Tools accounts were incorrectly re-verified for people who previously had access. We’ve reverted these accounts and are investigating ways to prevent this issue from recurring.

The cause of the breach remains unclear. We've put in a query to Google and will update this story if we hear more. ®

Ensure Ease of Recovery with Asigra’s Agentless Software

COMMENTS

House Rules Send Corrections
All Reader Comments (9)
Highly Rated
Zaphod.Beeblebrox

Google is always so careful with our data

I'm stunned this happened, stunned I say!

10
3
Steve Knox
Reply Icon

Re: what does deleted mean?

Decades of being wheedled by incompetent users have convinced most developers to ensure that the "delete" button doesn't actually delete anything.

We've been conditioned to retain but flag because when the inevitable request to restore the data comes, it doesn't matter to the user that they clicked OK on the giant flashing "WARNING THIS WILL DELETE THIS INFORMATION WITH NO HOPE OF RECOVERY. CLICK OK ONLY IF YOU REALLY REALLY MEAN IT" message. As far as they're concerned, if the data can't be restored, it's our fault.

3
0
Gene Cash

"put in a query to Google"

I do that all the time!

1
0

More from The Register

breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
19
Critical Java SE update due Tuesday fixes 40 flaws
And yes, most are remotely exploitable
33
Kaspersky slips server security into PC software as attackers get crafty
Want to bag a CEO? Aim for his family
8
NSA accused of new crimes ... against slideware
They may take our information but they cannot take our REFINED AESTHETICS
40