Bought a domain through Google? Your info’s out there

A software defect in Google Apps has leaked sensitive data for nearly 300,000 domains since 2013, researchers at tech firm Cisco found.

Google Apps for Work allows individuals to purchase domains through a partner, eNom. When purchasing a domain through Google, people are offered a $6 add-on feature that ostensibly hides their registration information from public view.

{mosads}This slate of registration data is known as the “WHOIS” record, which essentially “acts as the phone book of the Internet,” explained several Cisco researchers in a blog post.

Just as its possible to pay to have your name and number removed from the public phone book, you can pay to shield your domain registration information.

But a software defect exposed that protected data when these domains purchased through Google were renewed. Everyone who bought the add-on privacy feature — roughly 94 percent — had their information leaked, including names, addresses, phone numbers and email addresses.

“This information will be available permanently as a number of services keep WHOIS information archived,” the researchers said.

Nefarious actors have been known to prey on this data.

“For example, sending targeted spear phish emails containing the victim’s name, address, and phone number to make the phish seem even more authentic,” the researchers said. “Identify theft is also a possibility.”

Google was able to fix the defect within days, Cisco said.

“However, the Internet never forgets.”