Attention: Google Calendars Are Exposing Your Private Information Online
“Making your calendar public will make all events visible to the world, including via Google search. Are you sure?”
Warning prompt on your screen, and you pressed OK button. Now, this is where the game begins.
Misconfigured Google Calendars are Leaking Your Private Information
Have you ever shared your Google Calendar with anyone intentionally or even without realizing it? If so, then its time to revisit your Google Settings immediately because all your commercial activities and events are on the Internet, everybody can access them.
According to security researcher Avinash Jain, “Right now, there are about 8000 publicly available Google Calendars that can be searched and accessed through Google’s search engine. These calendars not just allow others to see your confidential data but also add malicious information, events or links.”
Breaking News
Well, It’s Not a Vulnerability or Bug, It’s Misconfiguration
Most of us make calendars public for a particular group of users and think that we’re sharing the link with them only. But, it’s not true because when we make a calendar public, it gets indexed on Google’s database and later everyone can access it with an advanced Google search. Researchers ensure that the configuration does not sufficiently warn that sharing a calendar with others will expose a user’s private information in public.
So, it’s not something we can call a bug or vulnerability but, it’s the intended behavior of the service.
I was able to access the Google Calendars of thousands of organizations that leaked their confidential information like email identifiers, event’s name, location, the link of meetings, hangout chats, internal presentations and so much more.” said by a researcher.
This is happening with most of us including the most experienced Internet users because we simply ignore the warning. In this case, we cannot directly blame Google for exposing our Calendars data because the company specifically warns you before making it accessible for everyone. But, users apparently ignore the warning or some of us do not understand the privacy risks of making a Calendar public. Well, this is not happening for the first time as similar issues were encountered before with multiple networking sites, web portals like Facebook.
Proof: Several Poorly Configured Calendars, Exposed Private Information
Before a few months, scammers used Google Calendar Service to attack users for credential theft in which they sent victims an email containing an invitation to the event mentioned in their Google Calendar with malicious links.
Just a Few Searches and Private Information is Revealed
All the Google Calendar, you made public can be accessed by anyone in some simple quick searches. According to researchers, Google does not notify the Public Calendar Creator that someone is accessing or adding an event in their Calendar, which makes it difficult for users to know about the spammers and phishers. Moreover, there is no graphic indication in the Google Calendar interface from which users can get to know that they made their Calendar public and stop adding more personal events within it.
GOOGLE DORK (an advanced Google Search Query) can list all the publicly available calendars within a few seconds and expose all your private information in front of everybody.
So, How Can I Fix This?
To ensure your Google Calendars information is safe, check your Google Calendar Settings and make sure if you really want to share your Calendars publicly. In case if you want to share your Google Calendar with someone privately, then Google provides you an option to invite that specific user by adding their email addresses in Calendar Settings instead of making it public. To know more about this, visit – https://support.google.com/a/answer/60765?hl=en. Besides, you can enable Google alerts when your Google calendars, presentations, and docs go public.
Recommended Best Solutions to Secure Your Google Account
Recent researches shows, 6.5 million data records are stolen on daily basis and Data breach cases are becoming a day-to-day struggle for users. Therefore, we’ve picked some best solutions to secure your Google account. So, you can pick the solution accordingly:
1. Solution For Personal Gmail Account Users
SysTools Gmail Backup Software is one of the best and most reliable software that allows to backup your Gmail Calendars, Contacts, Emails, Documents. With this, you can save your Gmail Calendar events locally in .ics file format directly and prevent yourself from leaking private information online.
2. Solution For Business Gmail Account Users
SysTools G Suite Backup Software is another reliable utility to backup your Google Apps/ G Suite Calendars, Emails, Contacts, Documents, etc. With this, you can archive the data of both Single as well as Domain User Account and save your crucial information locally.
