Google Blacklist Contained Confidential Information at Techcrunch reports that Google’s phishing blacklist, which is publicly available for anyone to see, had confidential information enclosed. Such information included “usernames and passwords of individuals, including credentials for accounts at banks and other financial institutions.” Google has quietly removed the information that may put users at risk, but it just shows us that this can happen.
Danny discussed the other week, his experience with the Google & Firefox 2 Anti-Phishing Warning when he went to his bank online. The Google Blacklist was discovered in September 2006, but has never been locked down fully to just Google (maybe because it can’t). Back then, DaveN commented that the list had usernames and passwords within it, so I am surprised to see this issue come up again.