Monday, January 22, 2007

Google Blacklist Contained Confidential Information - UPDATE

Michael Arrington writes on TechCrunch:

Internet security firm Finjan will confirm on Monday that Google’s much-discussed anti-phishing blacklist contained confidential usernames and passwords of individuals, including credentials for accounts at banks and other financial institutions.

Google’s current anti-phishing blacklist, which has no access protection, is here. It’s used by the Google Safe Browsing for Firefox extension which is now part of the Google Toolbar for Firefox, according to Michael Sutton, who has spent some time analyzing it.

Google has not publicly discussed the error, although they quietly removed the offending data. They have, however, acknowledged it in email correspondence with Finjan, which was forwarded to me. Google has since removed the confidential data.

More here.

UPDATE: 15:13 PST: InfoWorld now has a detailed description of the incident here.

0 Comments:

Post a Comment

<< Home