Fat-fingered G Suite admins spill internal biz beans onto public 'net
Another day, another cloudy data leak, as admins fail to get one setting right
G Suite business users: go and check your configuration, and make sure you're not publishing enterprise information to the whole world.
That's the warning coming from security outfit Redlock, which says it found “hundreds” of organisations leaking both organisational data and employees' personal data.
As the biz's advisory explains, it's a single radio-button setting that people are getting wrong: in G Suite Groups for Business's Advanced Settings, they're accidentally publishing groups to the public internet instead of keeping them private to the organisation.
Redlock says the IBM-owned Weather Company, Intellicast, and Fusion Media Group were among those it spotted with misconfigured G Suite settings.
Indian company Tata leaked customers' code on GitHub in June, and in a gold-medal performance, Sweden's Department of Transport leaked its entire vehicle registration database last year – including secret identities such as those of its special forces. ®
Updated to add
Google has been in touch with Vulture South to assure us that G Suite's default setting is "private." In other words, you have to accidentally screw up to make stuff available to public eyes.