Google Calendar Security Notice

Uh, guys… y’all gotta tell your friends not to store usernames and passwords in public documents – at least, not without protecting them with passwords themselves. More importantly, the last thing you want to do is set a reminder for yourself in Google Calendar and leave the login credentials in the reminder AND set it for public viewing. Dude. Seriously. Lockergnomie Michael Kuhn sent this to me on Friday:

Google has just created an enormous security problem.

Go to your Google calendar web page.

Enter “user password” in the search box.

Click the Search Public Events button.

Scroll down to find many user id’s and passwords for every imaginable thing.

It’s not so much a “security problem” as much as it is “the user isn’t being educated” problem. And believe me, there are plenty of results in the public listings that should not be there.

43 thoughts on “Google Calendar Security Notice”

  1. Pingback: 301 Powered
  2. Pingback: Techscape
  3. Pingback: All Narfed Up
  4. Pingback: All Narfed Up
  5. Pingback: Webisztán
  6. Pingback: BinarySun [Blog]
  7. Pingback: Soours
  8. Pingback: coComment -
  9. I’m actually curious about why I’ve seen so little mention of another Google issue: I recently noticed that Google parses the text of emails sent to me, and feeds me ads based on what is supposed to be private text. Apparently. nothing in a Google app can be assumed to be private. And in future I’ll use gmail only for what I’m content for the world to see.

  10. Ok, so the nice guy in me wants to email each of these folks to tell them about having their charge card info on their calendar. Gads. The other side of me wonders if I could be charged with “hacking” if I point this out to the individual?

  11. In the age of Identity Theft and generalized paranoia about protecting sensitive information people are saving passwords in public calendars. Priceless. You should’ve worked “common sense” into the title of this post. What’s even more amusing to me is that the person who reported this to you blamed it on Google.

    Do you think that there is any way to really educate the average user out there on basic steps that they can take to protect their personal information online? IT Professionals educate people in the workplace, they blog, they podcast, they submit articles to mainstream publications and still so many people (as evident by the search you describe) seem to be in the dark about basic security. What else can be done to educate people?

  12. It is interesting, for all the folks in the geek world who know how to do things for themselves, geeks are lazy/cheep to rely on free services ment for the brain dead. And because it is Google, friend of open source, free software (as in freedom,) the alternative to the MS Monopoly, savior to the average user, brilliant minds, you have to ask; Is it on purpose? Have we all learned our lesson? This hasn’t just happened to average users.

    This is what Google thinks of you.

  13. This reminds me of a recent spot on Virgin Radio here in the UK. Virgin Radio ran a competition where, if you revealed to them your work logon and password, you won a prize. Surprising numbers of people did! A similar experiment also showed people would hand over their logon and password for a free plastic biro pen! Madness!

  14. I’m failing to see how Google creates this problem. When people are dumb enough to put passwords on public documents, they get what they get. Perhaps Google could put a few more warnings up, though.

  15. What I don’t understand is why the default isn’t private, and you change it top public if you want… Wouldn’t that be the easiest solution. I hate having to make private things private. I don’t use the calendar to share things… yet, just to keep track for myself.

  16. Er, to elaborate – that’s both amazing and ho-hum – I mean of course there would be a great many uneducated or un-forewarned GCal users out there – but the sheer volume of it amazes me. Thanks for the heads-up Chris and Michael.

  17. We at the Calgoo office use Google Calendar for business purposes. After spending so much time with it its hard to imagine someone making this mistake. That said it is clearly a case of user eduction – or lack there of. The only problem is how far must one go to educate their users before some are turned off by feeling patronized.

    – Calgoo

Comments are closed.