A security bug in Google Webmaster Tools has given users access to old accounts and websites that they’re no longer supposed to be able to access.
The problem was discovered earlier today and reported on several SEO blogs and news outlets — including (first, I believe) by Dave Naylor — and was discussed pretty heavily by search marketers on Twitter. We asked Google late Tuesday afternoon to comment on the bug reports, but have not received a reply.
What’s happening in some, not all, Webmaster Tools accounts is that users are finding themselves with sudden access to accounts that they once had access to but are no longer supposed to have; i.e., former clients, employers and the like. That bug is presumably giving a lot of power to individuals who shouldn’t have it — power to deindex, disavow links, unverify the current/legitimate webmaster’s access, and even redirect sites to other verified domains in the user’s account. It also reveals a lot of link, search, index/crawl and other data to users who shouldn’t be able to see those things.
The bug isn’t affecting my Webmaster Tools account, so here’s a screenshot from Dave Naylor’s account showing several verification changes that re-opened access to old accounts/websites.
There are reports that the same (or a similar) bug is affecting Google Analytics, and State of Search reported that some blocked connections in Google Talk have also been unblocked.
This is a serious problem and Google’s silence on it so far suggests that they’re still trying to sort out what’s happening and why — and how to fix it.