Feeds

Google tools gaffe let ZOMBIE web admins feast on websites

Dead accounts resurrected to cause merry hell

Remote control for virtualized desktops

Google potentially allowed former web admins to drive corporate websites off a cliff by resurrecting deleted accounts for its webmaster tools service.

Google Webmaster Tools accounts can be used by anyone to manage their websites, from checking the indexing of pages to fine-tuning their visibility in the dominant search engine. Google's glitch, which revived old or disabled accounts and granted them permission to make alterations, was first noted by search-engine optimisation blogger Dave Naylor.

Although the tools are free to use, they have become quite powerful over the years, and can help make or break a site in terms of visitor numbers. Unauthorised access to the service could be used for all sorts of mischief, Naylor warned:

Webmaster Tools is so much more powerful than it ever was there is a serious risk that damage could be caused to sites by people who no longer have permission to make changes. Things like disavow link lists, de-index urls or the entire site, redirect urls, geolocation alterations… a whole world of pain.

The blunder also opened up access to Google Analytics, allowing ex-employees or contractors to spy on their former employers, Search Engine Journal added.

Fortunately Google resolved the screw-up, according to a statement issued to Searchengineland.com on Wednesday:

For several hours yesterday a small set of Webmaster Tools accounts were incorrectly re-verified for people who previously had access. We’ve reverted these accounts and are investigating ways to prevent this issue from recurring.

The cause of the breach remains unclear. We've put in a query to Google and will update this story if we hear more. ®

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.