It’s not entirely clear how documents from the cloud-based platform Google Docs could have served up in queries on Yandex’s search engine.
The Russian search engine Yandex told the Associated Press that some users contacted the company
on Wednesday to say its public search engine posted what looked like personal Google Doc files.
The documents ranged from an internal memo from a Russian bank to press summaries and company
business plans. The AP reports that the legitimacy for each of those documents could not be confirmed.
"Keeping your information private and secure is our top priority," a Google
spokesperson told Search Marketing Daily. "We have no indication of our systems incorrectly tagging Google Docs as public on the web. Search engines should only index documents if they are
intentionally published or shared public to the web.”
advertisement
advertisement
In other words, other search engines can only serve up Google documents that had either been deliberately made public by its
authors or when a user publishes a link to a document and makes it available for public access and search.
Saving and protecting users’ personal data is our main priority for
search engines. A Yandex spokesperson said the search only yields files that don’t require logins or passwords.
But the incident is only one in several reported in recent weeks.
Earlier this week The Wall Street Journal reported “at one point about two years ago, Return Path employees read about 8,000 unredacted emails to help train the company’s
software.”
Gmail is one in a long list of Google apps that share data with third-party developers. Stripe software engineer Robert Heaton recently found that the Google Chrome internet
browser share online browsing history with third-party developers.
Heaton points to Stylish, an internet browser plug-in, that he found has
recorded every website that the company’s 2 million users visit, and has done so since January 2017. Firefox began doing the same in March 2018.
Back in June, security expert Brian
Krebs wrote about new research that shows Web sites could run a simple script in the
background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network.
Craig Young, a researcher
with security firm Tripwire, discovered the authentication weakness that leaked accurate location information about users of both devices. Krebs wrote attack worked by asking the Google device
for a list of nearby wireless networks and sending it to Google’s geolocation lookup services.