Hundreds of companies that use Google Inc.’s G Suite platform may be exposing their data to the public Internet because of poor setup practices, according to a newly published security advisory.

Silicon Valley security and compliance company RedLock Inc. made the claim Monday, finding that a “misconfiguration” in Google Groups has led to the exposure of sensitive data such as personally identifiable information at hundreds of organizations. The misconfiguration, in this case, comes down to the setup process where companies are given an option to share the data outside the group, a setting that allows data to be set to private or public.

RedLock claims that companies are accidentally setting this option to public, exposing their private data, although the advisory did not note whether the option of sharing publicly was a default option when setting up a Google Group – a far more likely scenario given how widespread the issue appears to be.

Companies found to have their private data exposed include the IBM Corp. owned The Weather Company, help desk provider Freshworks Inc.  and media company Fusion Media Group, the owner of sites such as Gizmodo, The Onion, Jezebel and Lifehacker.

“Simple misconfiguration errors — whether in SaaS applications or cloud infrastructure — can have potentially devastating effects,” Varun Badhwar, RedLock’s chief executive officer and co-founder, told ZDNet. “Recent data leaks at companies such as Deep Root Analytics, WWE and Booz Allen Hamilton have demonstrated the impact these simple errors can have.”

The solution to the exposure of private data through services such as Google Groups is remarkably simple: Companies simply need to make sure that privacy settings are turned on. Ideally, companies should also have in place security and privacy auditing procedures to make sure that any service they use is secure from public access.

Image: Pixabay