Last week, RedLock identified that many companies running Google Workspace including Weather Company, Fusion Media Group, The Onion, Freshworks, and SpotX were affected by a security issue caused by a misconfiguration of Google Groups.



In the report, RedLock indicated that &#8220;hundreds&#8221; of Google Groups have publicly exposed messages containing personally identifiable information (PII) including employee salary compensation, sales pipeline data, customer passwords, names, and home addresses. This exposure was caused due to <a href="https://www.patronum.io/project-management-uses-for-google-groups/">Google Groups </a>Sharing Options being set to &#8220;Public on the Internet&#8221; instead of &#8220;Private&#8220;.



<figure class="wp-block-image"><a href="https://i0.wp.com/4.bp.blogspot.com/-wMH-WZ5qg7k/WyEbJFphu3I/AAAAAAAAAJA/y-tz_N6lNewoVKlr9M6sKGQI8w6ull73wCPcBGAYYCw/s1600/google%252Bgroup%252Bmisconfiguration.png?ssl=1"><img data-recalc-dims="1" decoding="async" src="https://i0.wp.com/4.bp.blogspot.com/-wMH-WZ5qg7k/WyEbJFphu3I/AAAAAAAAAJA/y-tz_N6lNewoVKlr9M6sKGQI8w6ull73wCPcBGAYYCw/s1600/google%252Bgroup%252Bmisconfiguration.png?w=750&#038;ssl=1" alt="Google Group"/></a></figure>







Although this isn&#8217;t a security issue itself it does show that a simple oversight can be potentially devastating for businesses. It is recommended that be default all Google Groups should be configured as &#8220;Private&#8221;, for further instructions see the following <a href="https://support.google.com/a/answer/167097?hl=en" rel="noopener noreferrer" data-blogger-escaped-target="_blank">support articles from Google</a>.

Google-Group-data-exposure-due-to-misconfiguration-at-Weather-Company-and-SpotX-

Google Group data exposure due to misconfiguration at Weather Company and SpotX