Google Antiphishing Site Exposes Private User Data

Google has removed a few user names and passwords posted inadvertently to a phishing blacklist it compiles and makes publicly available on the Web. The Mountain View, California-based company said it has also implemented a mechanism that detects and prevents a URL submission that contains login data from being available publically. The loophole was discovered in early January and Google announced Monday that the problem had been solved.

The login information was contained in 15 URLs submitted through Google's Firefox toolbar, which lets users report Web pages they suspect to belong to phishing sites. The Firefox toolbar prompts the user for a final review before the suspicious URL is sent in, but in this case, the users still sent in the URLs. "We are in the process of notifying the users who inadvertently disclosed this information and suggesting that they reset associated passwords," Google said in an e-mailed statement.

News source: InfoWorld

Report a problem with article
Previous Story

CPI suing FCC to get at Real State of Broadband Competition

Next Story

Google to Digitize University of Texas library

3 Comments

Commenting is disabled on this article.

it depends how the site works

some sites send user form date such as usernames and passwords through the url when submitting forms

so theres not much the user can really do about it either..

it's good that google notifies you, it frees them from getting blame (I think, but companies still manage to get blamed)