Webmaster Tools security bug could wreak havoc
Security glitch revealed
Google Webmaster Tools is being affected by a potentially disastrous security flaw that grants users full access to old accounts.
The flaw was first reported on David Naylor’s SEO blog. Users began noticing yesterday afternoon that unexpected ‘new verified owner’ messages were appearing. It transpired that the affected Webmaster Tools accounts were reverifying all former users and restoring their access to the account.
This could include former employees, developers, consultants and agencies who once had access to a site’s Webmaster Tools account. As Naylor pointed out, in the wrong hands this power could be devastating. Verified users are able to see all inbound links, use the disavow links tool to damage rankings, remove other verified users to hijack the account, and redirect or deindex URLs or even the entire site. The consequences could therefore be extremely serious for site owners, who are advised to check their Webmaster Tools accounts as soon as possible.
In one example cited by The Next Web, eBay’s former Director of SEO Dennis Goedegebuure found himself with access to the eBay Webmaster Tools account, despite leaving the company over a year ago. However, this morning, he tweeted that his access had been revoked again.
Repercussions for Google
Some sources are also suggesting access will be restored to Google Analytics accounts. Although Analytics does not offer the same power over a site’s fate, it would provide insight into a site’s performance, traffic, conversions and top keywords, information some agencies or competitors could use to their advantage.
Despite the news spreading quickly, and panic and anger being expressed on many SEO blogs and on Twitter, Google has not yet commented on the security flaw. How it will eventually fix the bug, or repair any damage done, is also being widely discussed.
Adrian Mursec, senior developer at theEword, said: “Access to Webmaster Tools gives you a lot of power, and in the wrong hands that power could be dangerous – a bitter former employee or agency might even see it as an opportunity for revenge. If sites go down or are completely sabotaged, the potential loss of earnings or damage to businesses could cost Google dearly.”