Fat-fingered G Suite admins spill internal biz beans onto public 'net

Another day, another cloudy data leak, as admins fail to get one setting right

G Suite business users: go and check your configuration, and make sure you're not publishing enterprise information to the whole world.

That's the warning coming from security outfit Redlock, which says it found “hundreds” of organisations leaking both organisational data and employees' personal data.

As the biz's advisory explains, it's a single radio-button setting that people are getting wrong: in G Suite Groups for Business's Advanced Settings, they're accidentally publishing groups to the public internet instead of keeping them private to the organisation.

Redlock says the IBM-owned Weather Company, Intellicast, and Fusion Media Group were among those it spotted with misconfigured G Suite settings.

Cloud misconfiguration seems to be the new black: last week, Dow Jones leaked customer information via an AWS S3 bucket, imitating a similar feat from Verizon.

Indian company Tata leaked customers' code on GitHub in June, and in a gold-medal performance, Sweden's Department of Transport leaked its entire vehicle registration database last year – including secret identities such as those of its special forces. ®

Updated to add

Google has been in touch with Vulture South to assure us that G Suite's default setting is "private." In other words, you have to accidentally screw up to make stuff available to public eyes.


Biting the hand that feeds IT © 1998–2017