Google has removed a few user names and passwords posted inadvertently to a phishing blacklist it compiles and makes publicly available on the Web. The Mountain View, California-based company said it has also implemented a mechanism that detects and prevents a URL submission that contains login data from being available publically. The loophole was discovered in early January and Google announced Monday that the problem had been solved.
The login information was contained in 15 URLs submitted through Google's Firefox toolbar, which lets users report Web pages they suspect to belong to phishing sites. The Firefox toolbar prompts the user for a final review before the suspicious URL is sent in, but in this case, the users still sent in the URLs. "We are in the process of notifying the users who inadvertently disclosed this information and suggesting that they reset associated passwords," Google said in an e-mailed statement.
News source: InfoWorld
The login information was contained in 15 URLs submitted through Google's Firefox toolbar, which lets users report Web pages they suspect to belong to phishing sites. The Firefox toolbar prompts the user for a final review before the suspicious URL is sent in, but in this case, the users still sent in the URLs. "We are in the process of notifying the users who inadvertently disclosed this information and suggesting that they reset associated passwords," Google said in an e-mailed statement.
News source: InfoWorld
some sites send user form date such as usernames and passwords through the url when submitting forms
so theres not much the user can really do about it either..
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.