News

[Update] Google Webmaster Tools Security Breach Confirmed

A justified panic gripped the SEO industry after word got out that Google Webmaster Tools has an extremely serious technical issue – old user accounts are automatically getting re-verified and given access to sites they shouldn’t have access to anymore.

google [Update] Google Webmaster Tools Security Breach Confirmed

The first post I read about the GWT stuff-up was on Dave Naylor’s blog. The very first thing I did was check my calendar to make sure it wasn’t April 1st already. Surely this was a hoax?! Several other trusted sources have unfortunately verified the problems with GWT and it seems to go even further than just GWT; Michaela Dennis mentioned on Twitter that all of her old deleted and blocked Gtalk contacts were active again.

I think this shows us how the integrated the whole Google eco-system really is and how one cockup can bring down the house. Here’s a short timeline from Twitter.

For those not aware of the seriousness of this apparent breach of security, ex-employees or even contractors, that at one time or another had access to a site, the reports, tools, and so on, possibly gain access again to not only Webmaster Tools, but possibly Google Analytics too. The rub is, there’s simply no guarantee those granted renewed access won’t do something malicious. Not only could past access holders change key elements, but spying on the competition for larger entities is definitely a possibility.

Imagine someone working for a major brand suddenly granted access again to a competitive brand!

As added background to the initial story break, Matthew Panzarino over at  The Next Web sourced David Naylor early on to show what those formerly with access might do with renewed access to a webmaster (maybe analytics) account. Naylor’s screen also clearly show a former SEO control entity, being reauthorized in what could surely be an unholy mess for a site owner. Naylor reported to TNW he had access to analytics too.

So far Google has been silent on the matter, possibly suggesting they are still trying to sort out exactly what happened. We will keep you updated.

The Editor of SEJ has contacted senior Google communicators and the Google Webmaster Engineering Manager. We are still waiting their response.

60b68e0b942c53d91ba913eb5431e188 64 [Update] Google Webmaster Tools Security Breach Confirmed

Bob Jones

Director at Visible
A professional Search Engine Consultant from Perth, Australia, Bob Jones likes to surf (the web) when he's not busy winning COD on his 360. During office hours you'll find him managing the SEO team at Visible, quite possibly the best place to work.
60b68e0b942c53d91ba913eb5431e188 64 [Update] Google Webmaster Tools Security Breach Confirmed

You Might Also Like

Comments are closed.

4 thoughts on “[Update] Google Webmaster Tools Security Breach Confirmed

    1. I personally have not seen anything here either, altough I have GWT access to over 800 client websites. They’re all Australian websites though and several other Aussie SEO’s have reported no issues either. Perhaps its a localized issue on certain TLDs

  1. This doesn’t seem like anything new though. I’ve seen this bug for a couple years now. I’ve been getting email reports for activity on old domains which I’m not verified for anymore.