“A recent bug in Google Apps allowed students at several colleges to read each other’s email messages and some were even able to see another student’s entire inbox. The issue occurred at a small handful of colleges, admitted Rajen Sheth, senior product manager for Google Apps, but he declined to say how many other institutions were affected. However, according to Donald Tom, director of IT for support services at Brown University, one of the institutions undergoing the transition, he got the impression that a total of 10 schools faced the problem.
While the glitch itself was minor and was fixed in a few days, the real concern – at least at Brown – was with how Google handled the situation. Without communicating to the internal IT department, Google shut down the affected accounts, a decision which led to a heated conversation between school officials and the Google account representative.
Details of the Glitch
In the case of the Google Apps glitch, which began on Friday, September 11th, a couple of students notified Brown’s Computing and Information Services department (CIS) that they were able to read emails belonging to other students. The CIS department contacted Google on the following day and sent out an email to the 200 students whose mailboxes were in transition, asking them whether or not they were experiencing the same problem. Some were. The affected students could either see entire inboxes belonging to another classmate or, in other cases, saw less than 100 messages that did not belong to them.
In the end, only 22 out of the 200 students were affected, but the fix was not put into place until Tuesday. That means that the students had access to each other’s email accounts for three solid days (Saturday, Sunday, Monday) as well as parts of Friday and Tuesday before the accounts were suspended by Google.
Oddly enough, this situation seems to be acceptable, according to Tom, who, reports Brown’s daily newspaper, “praised Google for its prompt response.” (We don’t know about you, but if someone else could read our email for three days, we wouldn’t exactly call that “prompt.”)
– via New York Times