lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAPgP4gyRzTz186W5igGSbyxvagO686Ec1s3WCfSgHTPMXZ8z1Q@mail.gmail.com>
Date: Wed, 9 Jan 2013 05:11:52 -0800
From: warning@...e-error.net
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Google Wallet personal sensitive information
	disclosure via third-parties

if you do not know already, google wallet shares the following
information with potentially untrustworthy third parties. the
information below that you have entrusted to google may be shared
below as follows.

full name
date of birth
social security number
current address
phone number

this data is shared with a company named EveryWhereReward.com if you
request a balance withdrawal of funds in google wallet accounts. by
the third-parties own admission, they keep this data forever even
AFTER the account is closed. this seems to be a gross violation of
privacy when entrusting data to google. it also means that gov can
subpoena it and other shared data related to your google wallet
account without going through google directly. this is not something
expected.

the company also reveals that numerous departments have access to this
data and it does not appear to be encrypted nor protected well. a
brief glance at the SSL certificate leaks information regarding
backup, qa, and disaster recovery domains associated with the primary
sites. you may want to ask yourself if you think the data is being
adequately protected. the company claims they are authorized to hold
this data by their association with money network (subsidiary of first
data corp).

this is merely a warning to be careful when sharing your data with
google, because it may ultimately end up in places you didnt expect
(eg. an indirect subsidiary of a conglomerate's subsidiary that is
directly partnered with google -- confusing). if in doubt, check your
terms of service.

#warning

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ