Proof of Google Calendars leaking private information online
By MYBRANDBOOK
It is a warning signal for you to make your planning in the calendar, which could be made public will make all events visible to the world, including via Google search. Are you sure?"
As thousands of Google Calendars have been found to be exposing private data online. If you have ever shared your Google Calendars, or maybe inadvertently, with someone that should not be publicly accessible anymore, you should immediately go back to your Google settings and check if you're exposing all your events and business activities on the Internet accessible to anyone.
At the time of writing, there are over 8000 publicly accessible Google Calendars, searchable using Google engine itself, that allow anyone to not only access sensitive details saved to them but also add new events with maliciously crafted information or links, security researcher Avinash Jain told The Hacker News.
Avinash Jain, a security researcher from India working in an e-commerce company, Grofers, who previously found vulnerabilities in other platforms like NASA, Google, Jira, and Yahoo.
"I was able to access public calendars of various organizations leaking out sensitive details like their email ids, their event name, event details, location, meeting links, zoom meeting links, google hangout links, internal presentation links and much more," Avinash says in a post exclusively shared with The Hacker News.
Well, since it's intended behavior of the Calendar Service that comes as a handy feature to collaborate with people by making a Calendar public, one can not directly blame Google for the exposed data.
More than 8000 such Google Calendars were discovered. These were indexed by Google’s search engine which means anyone can access data and add events to these Calendars.
Employees may make calendars public for a specific group of people and intend to share the link with them only. But it gets indexed on Google and anyone can access it.
“While this is more of an intended setting by the users and intended behavior of the service but the main issue here is that anyone can view anyone public calendar, add anything on it — just by a single search query without being shared the calendar link,” says Avinash in the blog.
Using an advanced Google search query (Google Dork), one can list all publicly available Calendars within seconds and access every information, including sensitive corporate data belonging to some organizations, as shown in the screenshots shared by Avinash.
"Various calendars belonged to many of the top 500 Alexa company's employees as well, which intentionally/unintentionally were made public by the employee themselves," Avinash warns.
A few months ago, security firm Kaspersky also discovered scammers abusing Google Calendar service to target users with credential-stealing attacks, where phishers were sending victims an email containing a crafted event invitation with malicious links.
Nazara and ONDC set to transform in-game monetization with ‘
Nazara Technologies has teamed up with the Open Network for Digital Comme...
Jio Platforms and NICSI to offer cloud services to government
In a collaborative initiative, the National Informatics Centre Services In...
BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium
A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...
Pinterest tracks users without consent, alleges complaint
A recent complaint alleges that Pinterest, the popular image-sharing platf...
NUMERIC INDIA, A Group Brand Legrand
RELIANCE JIO INFOCOMM LTD.
BEETEL TELETECH LTD.
VERSA NETWORKS INDIA PVT. LTD.
Icons Of India : B.V.R. Subrahmanyam
A 1987 batch (Chhattisgarh cadre) Indian Administrative Service Office...
ICONS OF INDIA : SOM SATSANGI
With more than three decades in the IT Sector, Som is responsible for ...
Icons Of India : Puneet Chandok
Puneet Chandok is President, Microsoft India & South Asia and is respo...
ITI - ITI Limited
ITI Limited is a leading provider of telecommunications equipment, sol...
LIC - Life Insurance Corporation of India
LIC is the largest state-owned life insurance company in India...
UIDAI - Unique Identification Authority of India
UIDAI and the Aadhaar system represent a significant milestone in Indi...
Indian Tech Talent Excelling The Tech World - Anirudh Devgan , President, Cadence Design
Anirudh Devgan, the Global President and CEO of Cadence Design Systems...
Indian Tech Talent Excelling The Tech World - Lal Karsanbhai, President & CEO, Emerson
Lal Karsanbhai, President and CEO of Emerson, assumed the leadership i...
Indian Tech Talent Excelling The Tech World - NEAL MOHAN, CEO - Youtube
Neal Mohan, the CEO of YouTube, has a bold vision for the platform’s...