It’s not entirely clear how documents from the cloud-based platform Google Docs could have served up in queries on Yandex’s search engine.
The Russian search engine Yandex told the Associated Press that some users contacted the company on Wednesday to say its public search engine posted what looked like personal Google Doc files.
The documents ranged from an internal memo from a Russian bank to press summaries and company business plans. The AP reports that the legitimacy for each of those documents could not be confirmed.
"Keeping your information private and secure is our top priority," a Google spokesperson told Search Marketing Daily. "We have no indication of our systems incorrectly tagging Google Docs as public on the web. Search engines should only index documents if they are intentionally published or shared public to the web.”
In other words, other search engines can only serve up Google documents that had either been deliberately made public by its authors or when a user publishes a link to a document and makes it available for public access and search.
Saving and protecting users’ personal data is our main priority for search engines. A Yandex spokesperson said the search only yields files that don’t require logins or passwords.
But the incident is only one in several reported in recent weeks. Earlier this week The Wall Street Journal reported “at one point about two years ago, Return Path employees read about 8,000 unredacted emails to help train the company’s software.”
Gmail is one in a long list of Google apps that share data with third-party developers. Stripe software engineer Robert Heaton recently found that the Google Chrome internet browser share online browsing history with third-party developers.
Heaton points to Stylish, an internet browser plug-in, that he found has recorded every website that the company’s 2 million users visit, and has done so since January 2017. Firefox began doing the same in March 2018.
Back in June, security expert Brian Krebs wrote about new research that shows Web sites could run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network.
Craig Young, a researcher with security firm Tripwire, discovered the authentication weakness that leaked accurate location information about users of both devices. Krebs wrote attack worked by asking the Google device for a list of nearby wireless networks and sending it to Google’s geolocation lookup services.