Google is one of the most important companies with millions of registered users and a lot of new clients every day so it’s obvious that the search giant is very popular in the entire world. The company also offers multiple applications designed through a partnership with other firms, an agreement that can provide the technologies that are unavailable inside Google. One of the most attractive solutions is the Mozilla Firefox with Google Toolbar that is meant to make the browsing experience more secure but sometimes this is not enough.
As you might know, Google also provides a Firefox extension, Safe Browsing that alerts the user when a malicious website is visited. The notifications can be sent when the user loads a webpage that is identified as phishing attempt or it contains malware or other infected files. Yesterday, some of the users that are currently browsing with the two applications and the Firefox extension reported that they can provide incorrect warnings on the websites that are 100 percent clean.
Although the extension was made to protect the computer, the Firefox add-on also helps Google to keep the search engine clean by sending all the websites identified as dangerous to a database with blacklisted pages. It seems like the entire list containing blocked sites was publicly available on a Google link but the most important fact was that they were also presenting users’ account passwords.
Finjan, a provider of online security solution, identified the issue and reported it to Google but it seems like the information was already available for a lot of users. The security company also published an image available here that presented the blacklisted links and the usernames and passwords revealed by the search giant.
“Finjan Inc., the global provider of best-of-breed proactive web security solutions for businesses and organizations, today announced that it reconfirms recent reports that Google have unwittingly exposed private user names and passwords on the Google anti-phishing blacklist, which did not use any access protection. Such sensitive information could potentially have been used to compromise user privacy, and could even have been used for identity theft or financial profit (as users generally have a single “web” password for most of their online accounts),” the security company said.