Sometimes, you do everything right to protect yourself from
the evils out there, and some glitch in the matrix still gets you. Take, for
instance, the roughly 280,000 people or businesses who registered their website
domains with Google Apps and chose to keep their personal information hidden
via eNom. They did this because otherwise, by searching WHOIS, anyone can see the
name, email address, physical address and phone number of the person who
registered the domain. For about $6 a year, eNom is supposed to keep that info
hidden. Except it didn't.
According to Cisco's Talos security research group (via ArsTechnica.com),
beginning in 2013, that private info began leaking out for every domain that
was renewed. Oops. It took two whole years for someone at Cisco to discover
the leak, on February 19, this year. Five days later, Google had fixed the
problem (something to do with how their data was put into eNom's interface). But,
it wasn't until two weeks after the discovery that Google actually bothered to
email customers about what went down.
What does this all mean? On the plus side, as Cisco says,
some of the owners of problematic sites (federalbureauinvestigation.com,
hfcbankonline.com) may have been identified, so authorities can get to them. On the minus, everyone else who
had legitimate reason to protect themselves wasn't. Phishing scams can use your
address, phone number and email to get you to divulge other crucial
information, so they can access your banks or your identity. Also, all that spam.
The problem has been fixed, but two years of info hanging
out there in the open for diligent hackers and identity thieves to grab can't
be erased very quickly. Things get cached. Data is saved. Scammers can be
very, very patient. If you think any of your information was leaked in this or
any other manner, it's time to protect yourself in other ways: Check your
credit reports, and be extra careful about what you share with people over the Internet. Also, look both ways before you cross the street. (Ars Technica)