EXECUTIVE SUMMARY:
Google Groups, a collaboration tool used by companies to make communicating among work groups easier, has been found to leave personally identifiable information (PII) exposed if settings are not configured properly.
At the heart of the issue is a simple access setting that is controllable by users of Google Groups. Within the “Outside this domain — access to groups” tab, users can choose “public on the internet” or “private.” Those who fail to set the group access to private are potentially revealing corporate email, contact information, and a host of PII details relating to compensation, sales pipeline, and other sensitive information. Left unprotected, this information can be exploited by hackers for phishing attacks, hacktivism, and other cyber risks.
