Google Blogoscoped

Monday, April 23, 2007

Login Credentials in Public Google Calendars

Startup Meme and Chris Pirillo report that quite a few people have made login credentials of theirs public via Google Calendar event descriptions, which can now be found by searching for public events for e.g. “username password”. When you create a calendar with Google, you have the options “do not share with everyone” (default) and “share all information on this calendar with everyone” (which additionally triggers a confirmation dialog). However, when people add certain events to public calendars, it may be that they’ve forgotten they once made the calendar public. Maybe Google needs to put a more visible icon next to public calendars as a reminder, or always trigger a confirmation when you add an event to a public calendar, but this is not a Google Calendar security vulnerability – it’s user misconfiguration, similar to when you e.g. create a blog post with information that ought to be secret, and then someone searches Google for “password username”.

If you have a calendar, make sure you remember its privacy settings – one way to do so would be to add the word “Public” to the titles of your public calendar.

[Thanks Bilal Hameed!]


Blog  |  Forum     more >> Archive | Feed | Google's blogs | About


This site unofficially covers Google™ and more with some rights reserved. Join our forum!