“Warning — Making your calendar public will make all events visible to the world, including via Google search. Are you sure?”
Remember this security warning? No?
If you have ever shared your Google Calendars, or maybe inadvertently, with someone that should not be publicly accessible anymore, you should immediately go back to your Google settings and check if you’re exposing all your events and business activities on the Internet accessible to anyone.
At the time of writing, there are over 8000 publicly accessible Google Calendars, searchable using Google engine itself, that allow anyone to not only access sensitive details saved to them but also add new events with maliciously crafted information or links, security researcher Avinash Jain told The Hacker News.
Avinash Jain, a security researcher from India working in an e-commerce company, Grofers, who previously found vulnerabilities in other platforms like NASA, Google, Jira, and Yahoo.
“I was able to access public calendars of various organizations leaking out sensitive details like their email ids, their event name, event details, location, meeting links, zoom meeting links, google hangout links, internal presentation…