[News] Data leak from Google Docs: what to do and who is to blame?

Last week, many cloud service users cracked the pattern. In search results "Yandex" for various requests began to flicker documents from Google Docs. A bunch of private information has got into general access: phone numbers, photos, passwords. The first data leak detected by users of social networks.

MDK Twitter Twitter

In the Russian IT niche, this news has created a local sensation. Considered reliable, like a Swiss bank, googledlocks turned out to be far from reliable. In a matter of hours after the publicity of the Google password case, most of the documents that were “glowing” in the issuance of Yandex were closed from being indexed. But some of them still remain in the public domain.

Chronicle of events

July 4, evening. On social networks, there are messages about indexing by Yandex by the docs.google.com service.

July 5, early morning. In the "Yandex" claim that they warned colleagues from Google about the leakage of data.

“Our security service is now communicating with colleagues from Google in order to draw their attention to the fact that these files may contain private information,” Ilya’s press secretary Ilya Grabovsky.

5'th of July. The Google press service gives an official comment with explanations:

"Search engines can index only those documents that were intentionally made public by their owners, or when someone publishes a link to a document whose owner has made it searchable and viewable by everyone on the Internet. You can always change the settings for accessing your files and set restrictions on what is available for viewing, commenting or editing to selected users. "

So a big misconception of Google Docs users was revealed. It turned out that the service does not close documents from indexing by default. Google representatives wrote about this in a 2009 user forum. But many of us read search engine forums in English? (It was a rhetorical question, if that).

The gap in privacy "Google. Documents" immediately became the goal of Internet stalkers. Thus, the Runet learned that it was forbidden to hire representatives of the Negroid race and LGBT people by the instructions of Tinkoff Bank's Eychars. The press service of the bank disown this information, explaining it with the thoughts of one of the employees.

Some users consider the situation to be a planned move by Yandex:

Who is to blame and what to do?

Thousands of service users rushed to check their documents and change access settings. The global consequences of the indexing incident are unclear — too little time has passed. It is possible that in the future there will be reports that someone's customer bases "surfaced" with competitors or unpublished content turned out to be non-unique. We asked the lawyer who was responsible for this:

"There are 3 types of information leakage circumstances:

  1. By mistake of the user
  2. The fault of the operator
  3. With third-party intervention and hacking of operator services

In the first case, it is the responsibility of the user. If you sue, then only with yourself. In the second case, it is the responsibility of the operator, and the user has the right to appeal against the operator’s actions or inaction, including compensation of damages and (or) compensation for moral harm in a court of law (clause 2 of Article 17, Article 24 of the Federal Law on “On personal data "). Theoretically, you have the right to sue the operator, which is Google.

In the third case, persons illegally taking possession of personal data of the user may be held criminally liable. In this case, the user also has the right to damages and (or) compensation for non-pecuniary damage. "

Magomet Chagarov, Head of Legal Department "Law Department".

In Kaspersky Lab, they told that documents that were not closed from indexing could be indexed not only by Yandex and advised how to protect them:

Documents that were not protected by privacy settings got into search results of Yandex. Most likely, their owner has allowed everyone to view and edit. The fact that such documents are reflected in the search is quite an obvious situation, because this is how search robots work. They "follow" links and index all those documents that they see and which they are not forbidden to "touch."

But this story is not only about Yandex - all search engines can index documents, and periodically there are messages that you can find personal data of users or even secret documents on the Internet. If, for example, to make a request to Google about docs.google.com, then it will also show a number of documents available to all.

Users can be given simple advice - if you do not want your documents / presentations / spreadsheets to be indexed by search engines (and this applies not only to Google Docs), do not set the access settings “accessible to all”. Give rights to view and edit only to users who are sure and who really need it. It is better to give access by invitation, rather than by reference.

Yury Namestnikov, head of the Russian research center "Kaspersky Lab".

Have you already defended your Google?

Watch the video: Apple Says There Was No Breach in Security in Celebrity Photo Hack (October 2019).

Leave Your Comment