Google fixes URL removal tool security flaw
Google has moved quickly to fix a security flaw that allowed Webmaster Tools users to remove any webpage from its search index.
The search engine closed the loophole just seven hours after it was reported by UK Web Media operations director James Breckenridge.
Mr Breckenridge was removing “thousands” of websites from the search engine’s listings on Google Webmaster Tools when he set up a quick extension to speed up the process, according to his blog.
However, he found that by altering the URL he could delete any webpage from Google’s listings.
Writing on his personal blog, Mr Breckenridge said: “I can’t believe I am the only person to figure this out, and there are a number of things that could be happening right now if this information is already in the wrong hands.”
Google acted swiftly to fix the problem once they had been alerted to it by Mr Breckenridge. The search giant is now working to have websites that should not have been removed from the index reinstated.
“The URL removal feature kept detailed records, so we’re currently reprocessing earlier removal requests to ensure their validity,” said a statement from Google. “Our initial examination has shown only a limited impact.”
Given how easy it is to modify a URL, Search Engine Watch’s Rob D. Young questioned how many other security flaws Google has yet to discover or remedy.