Google has removed a few user names and passwords posted inadvertently to a phishing blacklist it compiles and makes publicly available on the Web. The Mountain View, California-based company said it has also implemented a mechanism that detects and prevents a URL submission that contains login data from being available publically. The loophole was discovered in early January and Google announced Monday that the problem had been solved.
The login information was contained in 15 URLs submitted through Google's Firefox toolbar, which lets users report Web pages they suspect to belong to phishing sites. The Firefox toolbar prompts the user for a final review before the suspicious URL is sent in, but in this case, the users still sent in the URLs. "We are in the process of notifying the users who inadvertently disclosed this information and suggesting that they reset associated passwords," Google said in an e-mailed statement.
News source: InfoWorld