If you’re using Google Groups, be sure to check your privacy settings. A new study conducted by Kenna Security published Friday found that, out of 9,600 public Google Groups, about a third leaked email sent through the platform. Kenna Security found the groups by researching domains (we’re guessing they Googled them) held by some of largest websites, including Fortune 500 companies, hospitals, universities and colleges, newspapers, and even U.S. government agencies. They turned up emails involving invoicing, passwords, and other credentials. Basically, all the things you don’t want shared on the web.
Kenna Security alerted Google to the leakage and in apparent response, Google posted instructions on how people can ensure their group’s privacy. According to Google’s blog post, the default settings should keep users’ information safe, as no one can view, search, post, join, or create groups if they aren’t in the domain. However, administrators can adjust each of these default settings individually and may have inadvertently misconfigured them. In short, if you use Google Groups, it can’t hurt to review and update the permissions and make sure the Group settings are how you want them.