Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Google Wallet personal sensitive information disclosure via third-parties
From: warning () type-error net
Date: Wed, 9 Jan 2013 05:11:52 -0800

if you do not know already, google wallet shares the following
information with potentially untrustworthy third parties. the
information below that you have entrusted to google may be shared
below as follows.

full name
date of birth
social security number
current address
phone number

this data is shared with a company named EveryWhereReward.com if you
request a balance withdrawal of funds in google wallet accounts. by
the third-parties own admission, they keep this data forever even
AFTER the account is closed. this seems to be a gross violation of
privacy when entrusting data to google. it also means that gov can
subpoena it and other shared data related to your google wallet
account without going through google directly. this is not something
expected.

the company also reveals that numerous departments have access to this
data and it does not appear to be encrypted nor protected well. a
brief glance at the SSL certificate leaks information regarding
backup, qa, and disaster recovery domains associated with the primary
sites. you may want to ask yourself if you think the data is being
adequately protected. the company claims they are authorized to hold
this data by their association with money network (subsidiary of first
data corp).

this is merely a warning to be careful when sharing your data with
google, because it may ultimately end up in places you didnt expect
(eg. an indirect subsidiary of a conglomerate's subsidiary that is
directly partnered with google -- confusing). if in doubt, check your
terms of service.

#warning

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Google Wallet personal sensitive information disclosure via third-parties warning (Jan 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]