RedLock is now a part of Palo Alto Networks - READ MORE
< Back

Google Groups Misconfiguration Security Advisory

by   |   07.24.17, 9:00 AM

The RedLock CSI team discovered hundreds of Google Groups that have publicly exposed messages containing sensitive information.

The Impact

The Google Groups misconfiguration has led to the exposure of sensitive data such as personally identifiable information (PII) at hundreds of organizations.


Google Groups, a service that is a part of G Suite, allows organizations to create and participate in online forums and email-based groups. When configuring a Google Group, changing the sharing option for “Outside this domain - access to groups” enables you to make the messages public or private.

The RedLock Cloud Security Intelligence (CSI) team discovered that many organizations have accidentally set this field to “Public on the internet”, exposing messages containing sensitive information such as PII (name, email, home address, etc).


Figure 1: Set Sharing Option for Google Group to “Private”


Per Google Groups documentation, set the sharing setting for “Outside this domain - access to groups” to “private”.

Download a copy of the advisory here.


Related Posts