G Suite admins have just one button to secure their sites, but don't
Another day, another cloudy data leak, as admins fail to get one setting right
G Suite business users: go and check your configuration, and make sure you're not publishing enterprise information to the whole world.
That's the warning coming from security outfit Redlock, which says it found “hundreds” of organisations leaking both organisational data and employees' personal data.
As the company's advisory explains, it's a single radio-button setting that people are getting wrong: in G Suite Groups for Business's Advanced Settings, they're publishing groups to the Internet instead of keeping them private to the organisation.
The company says the IBM-owned Weather Company (weather.com), Intellicast, and Fusion Media Group were among those it spotted with misconfigured G Suite settings.
Cloud misconfiguration seems to be the new black: last week, Dow Jones leaked customer information via an AWS S3 bucket, imitating a similar feat from Verizon.
Indian company Tata leaked customers' code on GitHub in June, and in a gold-medal performance, Sweden's Department of Transport leaked its entire vehicle registration database last year – including secret identities such as those of its special forces. ®
