WHOIS is a utility website or internet record widely used to identify who owns a domain and how to contact them. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain name registration and ownership. WHOIS records have proven to be extremely useful and have developed into an essential resource for maintaining the integrity of the domain name registration and website ownership process. Some domain owners pay to keep their ownership private. A software error exposed the identity of over 282 000 Google Apps domain owners.
The Talos security research team, which handles Cisco’s security, revealed the error and has published an advisory note on the problem, which began in mid-2013 and has been unmasking the details of people who opted for WHOIS privacy protection ever since.
The researchers found that admins were affected after they renewed their private WHOIS domain registration data. They studied 309,925 domains registered through Google’s partner registrar eNom and discovered that 94 percent were affected.
According to the source, a fix has now been issued to address the error, but the registration records will remain available because many WHOIS lookup services archive the information they index.
“It’s possible to mine this information and leverage it for malicious purposes, such as spamming, spear phishing or other potential forms of harassment,” the Talos team warns.
Google has sent an email to Apps admins apologising for the issue:
“Dear Google Apps Administrator, We are writing to notify you of a software defect in Google Apps’ domain registration system that affected your account. We are sorry that this defect occurred. We want to inform you of the incident and the remedial actions we have taken to resolve it. When the unlisted registration option was selected, your domain registration information was not included in the WHOIS directory for the first year. However, due to a software defect in the Google Apps domain renewal system, eNom’s unlisted registration service was not extended when your domain registration was renewed. As a result, upon renewal and from then on forward, your registration information was listed publicly in the WHOIS directory.”