A hacker broke into Google’s main official blog and posted a false message on Saturday, saying that the company had decided to cancel a joint project with eBay.
The intrusion marks the second time this year that Google’s official blog has fallen into unauthorized hands. In March, Google staffers deleted the so-called Google Blog by mistake and someone briefly took control of the Web address.
In Saturday’s incident, someone exploited a bug in Blogger, the Google Web log publishing service on which Google Blog is hosted. The hacker published a note riddled with grammatical and spelling errors that said Google had ended its click-to-call advertising project with eBay because it was “monopolistic.”
The next day, Karen Wickre, from the Google Blog team, alerted readers about the false posting and said the Blogger bug had been fixed, without detailing the breach. The eBay project remains alive and well, she wrote on the blog.
The Google Blog is one of the company’s main communication tools. As official corporate messages similar to press releases, its postings often trigger news reports, analyst recommendations and investor decisions.
Key to Google’s success is that individuals and organizations trust that the company will keep their confidential information safe. Public displays of security vulnerabilities erode that confidence.
Google should learn a lesson from Microsoft, which didn’t put enough emphasis on security years ago and suffered an industry backlash until it got the problem under control, said analyst Rob Enderle of Enderle Group.
“I don’t think security issues have reached a critical point for Google, but it needs to get its arms around these kinds of things and put a face out to their customers to indicate it is devoting adequate resources to security,” he said.
Google can expect attacks against its systems to rise, because the more prominent a company is, the more attractive a target it becomes for malicious hackers, Enderle said.
“If Google gets a reputation for not taking security seriously enough, that will do them quite a bit of damage,” he said.
On the consumer side, Google keeps massive logs of search queries, a portion of which are directly linked to specific Google account holders who have given the company permission to track their search activities.
For consumers, it also stores personal information like e-mail messages, digital photos and calendar entries via a variety of online services like its Gmail Web mail service, Picasa photo manager and Google Calendar.
Organizations do business with Google on various fronts, including to advertise online, analyze their Web sites’ traffic, process e-commerce transactions and implement enterprise search systems, all of which involve entrusting Google with sensitive data.
Google on Tuesday kicked off its Mac Blog, a place where Google’s employees will keep the community abreast of what the company is doing for Mac users.
A Google spokesman declined to comment beyond Wickre’s blog posting.
Editor’s note: Updated with analyst comments.
Macworld’s Jim Dalrymple contributed to this story.