Why You Must Stop Using Google Calendar Immediately!

Must Read

Free Netflix in India: A Result of Slow Growth In Q3 2020?

Netflix is testing a new strategy that could lead to free Netflix in India. The online streaming...

Jio Pages: The Indian Browser Reliance Is Betting On Now!

Looks like Reliance wants to establish Jio as a synonym of technology. After launching a fleet of...

Tesla First Cancels Return Policy And Now Cuts Warranty Period

Just last week Elon Musk surprised everyone by cutting the price of Tesla Model S twice in...

A grave safety loophole has been found in Google’s time management service “Google Calendar”. Its public sharing feature makes sensitive organizational information, like email ID, event name, location, duration, available to anyone and everyone on the internet.

The recently identified loophole in Google Calendar allows anyone other than company insiders can easily get their hands on internal information like email ID, meeting venues or dial in passcodes for restricted access areas. To make the matter worst, scammers could also add links, create new events, meetings to Google Calendar by bypassing all the authentication. At the same time, scammers are exploiting this public availability along with the close integration between all Google services to assault users with a credential-stealing attack.

Security researcher Avinash Jain recently made a blog post bringing this issue to light. He found that by using the Google Dork advanced search, he could access all public Google Calendars and users. Over 8,000 such calendars containing sensitive private information about organizations were exposed to be unsafely perused and misused by scammers on the internet.

Advertisements

Google Calendar’s objective

Google Calendar is a service especially built keeping teams and groups in mind. As of February 2018, it had been installed up to 500 million times. The service allows teams and individuals to share a common digital calendar that can be accessed, edited, and further shared to others by team members, or an external agent, depending on the kinds of settings one has enabled. However, this public visibility is not due to a slip up failing to ensure user data safety but is instead an intentional feature for easy connectivity among organizations and employees.

So to speak, the service has settings that can maintain the confidentiality of information even on a publicly shared document by displaying days and slots as “free” or “busy” to users outside the organization. Then, it seems that this blind spot has been created due to the company’s inability to sufficiently educate and notify its customers about the publicity of their information.

Past Data Breaches of Google

Such data breach from a company like Google, which is deep into the business of handling users’ data, is quite disappointing. Even though the recent privacy breach with Google Calendar cannot quite be classified as a data breach, Google has had a history of unsafe handling of user information in the past.

In 2014, personal information of 5 million Google customers surfaced on Russian cybercrime websites because of a bug in the algorithm. This information included name, age, occupation, and similar demographic details along with e-mail addresses and passwords.

Google is also notorious for tracking the internet usage of its customers and selling it to third-party companies, which is a severe breach of privacy.

Advertisements

The exploitation of Google’s Services by Scammers

Earlier this year, an article on Kaspersky Daily highlighted some of the common ways in which scammers misused the easy connectivity and transfer of data among Google’s various services such as Google Photos, Gmail, Google Translate, etc.

It seems that using Google Calendar is among the easiest ways to do so. As mentioned above, Google Calendar allows anyone to edit and add events into a public calendar. Scammers have taken to this platform to trick people by setting up meetings with users on the calendar and using the location and topic fields to inform the user that they’re eligible for a cash payment. This then redirects them to a link that allegedly allows them to receive their cash payment. But in reality, it is a trap to extract the user’s bank information.

A similar scam is seen making the rounds on Google Photos, albeit the offer is made through a picture.

Google Forms warns users to never submit passwords, bank information, and other private data in their forms for the same reason.

Thus, Google and all other services on the web must be used carefully. At the same time, companies should be held accountable and required to be transparent about how they use their consumer’s data. Until Google found a fix to this leak, people concern to their private data must stay attentive with Google Calendar, rather stop using it!

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Mobile Internet Speed In India: From Bad To Worse [REPORT]

Languishing. And la…g…g…i…n…g. The sorry state of the desi internet in India. In a...

Google Boots Out 3 Immensely Popular Android Apps from Play Store: Questions About Content Policing Resurface

With such a flourishing wilderness of Android apps on the Google Play Store, there is every likelihood of encountering something seemingly innocuous...

Reliance Future Group Deal In The Soup: SIAC Orders To Put The Deal On Hold

When Reliance agreed to acquire Future Group for $3.4 billion, recently, the share of Reliance Industries Limited rallied on the stock market....

Can Facebook Be Trusted For Newly Announced Hosting and Shopping Services?

Every coin has two sides. For Facebook Inc. (NASDAQ:FB), the positive side says that it has launched interesting, new features to further...

When the Going Gets Tough, the Tough Gather Online

Tech shows; we all know them, love them, and wish we could get to them. Unfortunately, that's not always possible. Or is...

Flipkart, Amazon Hurtle To Secure Their Slice in Aditya Birla Fashion

The battle conch for the festive season has already been blown. Now in a bid to take control of a new frontier,...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This