Nathan Weinberg at Inside Google has posted a blog entry on Google closing a security flaw in its new Presentations feature of Google Docs, he starts out with a screen capture of e-mail addresses that were leaked through that flaw. Of course, the addresses are obscured. It's a graphically appealing but very scary image on the right.
Here’s Weinberg explaination on the issue:
"Google Presentations has a chat feature, based on Google Talk technology, that lets people chat while viewing a presentation. I embedded a presentation here, as did Matt Cutts on his blog, and a number of people linked to it. Everyone who went to that Presentation and logged into their Google Account to chat gave their e-mail address to me and to every other visitor to the chat, without even knowing it. The reason is that Presentations logs your chats, just like Google Talk does, and those logs appear in your Gmail Chat folder. While the chat window in the presentation doesn't list e-mail addresses, the logs do, and almost everyone gets them automatically."
Apparently, the breach was live for about 15 hours before it was closed, he says.
A Google representative provided this statement when asked for comment: "We take our users' privacy and security very seriously. We acted quickly when we discovered this bug and delivered a fix: e-mail addresses are no longer archived during presentation chat sessions."
He closes with a list of some of the email addresses list:
- Matt Cutts
- DP Neal
- Dave Naylor
- Oleg Solodukhin
- Tony Ruscoe
- Nathan Rudy
- Francis Ocoma
- Loren Baker
- Robin Good
- Adam Lasnik
- Chad Dorsey