Scamsters have identified a loophole in the Google Maps interface that allows them to con users to give up sensitive personal data, a report in national daily The Hindu stated.
Google Maps allows anyone to edit the contact details of any entity listed on it and a group from Thane in Mumbai took advantage of this feature to collect personal information, including sensitive bank details, from unsuspecting users, the report stated, citing the Maharashtra cyber police.
“We have received at least three complaints from Bank of India over the last one month. In all three instances, we immediately notified the authorities at Google,” Superintendent of Police Balsing Rajput of the State cyber police was quoted as telling The Hindu.
He added that once the group had edited the contacts, unsuspecting users called the new number and spoke to one of the members of the group who in turn asked for their CVV and Personal Identification Numbers (PIN), which the scamsters later used to withdraw money.
A spokesperson from Bank of India told the national daily that they had changed the contact details of their branches on Google Maps.
In its defense, Google told the newspaper that the option to edit was allowed in order to maintain a standard quality of information.
It also admitted that sometimes people may input the wrong information which they try to change as soon as possible.
Email queries sent to Google regarding the loophole didn’t elicit a response at the time of publishing this report.
The shortcoming in the Maps feature could lead to new problems for the Internet giant in India, which is currently in the process of finalising its data protection and privacy bill.
In fact, just like Facebook and WhatsApp, it may be called upon by the IT ministry to take the necessary steps to plug the issue.