While Google Calendar is a great way to keep organized, people have found another use for it. Using Google Calendar and the new “Search Public Events” feature, people are able to scoop up “private” corporate data that’s probably meant to be private, but is set for the public to view.
Google Calendar allows users to select whether they want the content of their calendar private or public. If it’s made public, the data within those calendars can be returned in the Google Calendar search results.
According to PC World, information has come up in search results about vendor meetings, and the names of projects in the works. Dial-in numbers and passcodes for business meetings are also turning up. One example they came across was details for a JPMorgan Chase & Co conference call regarding a “SAN Security Remediation Project.”
The problem is that people use Google Calendar to keep themselves organized, so they include all of their important business meetings and events in detail, apparently not realizing that they set their calendar to public.
I decided to go see for myself what kind of corporate data I could find, and so I went to Google Calendar and typed in “passcode” as my search term, and clicked “search public events.” It came up with hundreds of results with most of them containing telephone numbers and passcodes for conference calls. Results like:
- Apple Conference Call Northern California (link)
- NASA Academy Operations Forum (link)
- IBM Sales Event (link)
Will companies restrict their employees from using Google Calendar and other online methods for organization because of this? It’s not a likely way for sensitive information to get leaked, but it’s happening. The users are the ones to blame because they’re not setting their calendars to private, leaving the World to see everything!
This is one reason why public applications just don’t do well with corporate users who clearly don’t know how to use the application appropriately.