If you’re sysadmin of an organisation using Google Groups and G Suite, you need to revisit your configuration to make sure you aren’t leaking internal information.
That advice comes from Kenna Security, which on June 1 said it found 31 per cent of a sample of 9,600 organisations leaking sensitive e-mail information.
The company explained while previous advisories about the issue (such as this from 2017) have explained how G Suite can leak, sysadmins appear not to be taking the matter seriously.
The problem, Kenna said in its post, is that Google Groups, available to G Suite customers, has “complex terminology” and a clash between “organisation-wide vs group-specific permissions”. As a result, list admins can “inadvertently expose e-mail list contents” (which were meant to stay in-house).