Title: Data Breach on google
Last modified: November 9, 2020

---

# Data Breach on google

 *  Resolved [bladetwick](https://wordpress.org/support/users/bladetwick/)
 * (@bladetwick)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/data-breach-on-google/)
 * Hi
 * This is to let you know we have followed up with the plug-in in question of the
   breach.
    We will reply to your support email to make the “Make bookings private”
   with the free version as this is sending customer data to google and it’s against
   GDPR rules:
 * To NextGen gallery plug-in:
    Hi We received a customer report of data breach 
   via our wordpress plug-in fivestar booking system [https://en-gb.wordpress.org/plugins/restaurant-reservations/](https://en-gb.wordpress.org/plugins/restaurant-reservations/)
 * Next gen was able to read the booking name, email, phone number and booking details
   and published on google under the following link: [https://brouge.co.uk/ngg_tag/brouge-twickenham](https://brouge.co.uk/ngg_tag/brouge-twickenham)
   which sent you to a list of our images and it opened a pop up to print those 
   images automatically.
 * We have since removed the NextGen galley plug-in and blocked access to the ngg_tag
   file – awaiting google update of our site index, hopefully those details will
   disappear.
    We found other customer details on the same breach on google. We 
   have image of this to prove the breach.
 * We sent the image to FiveStarPlugins and their response was to make the bookings
   private (not available on the free version) and to make the WP page private –
   which is not possible as data is stored on the plug in. We will follow this up
   further.
 * Can you please tell us how these details were published on google via NextGen
   Gallery however?
    Is there a possible breach that needs looking at?
 * We look forward to your response

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Support [jaysupport](https://wordpress.org/support/users/jaysupport/)
 * (@jaysupport)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/data-breach-on-google/#post-13641104)
 * Hi Blade,
 * Sorry for any issues you are having related to our plugin. Would you perhaps 
   be able to clarify what the exact issue is, and how the NextGen Gallery is involved?
 * Are you saying there is an issue presenting itself in the NextGen gallery, and
   which you think something from our plugin is responsible for?
 * Or are you saying that the same issue is presenting itself in both our plugin
   and that plugin?
 * The URL you referenced is not created by our plugin, so I’m not sure how you 
   mean to say our plugin is involved or related to it. Were you trying to include
   the view bookings form in a NextGen gallery, or something like that? Or include
   a NextGen gallery on the view bookings form page?
 * As far as placing the view bookings form from our plugin on a private page, that
   should be as simple as making the page private in your WordPress. I think perhaps
   you misunderstood our explanation in the email. What we meant to say is that 
   you can make any page in your WordPress private. This is not something from our
   plugin, but from WordPress itself. For this, just go to the “Pages” section in
   your WordPress admin, open up/edit the page you put the form on, and set the 
   visibility to private. You can find more info about this here: [https://wordpress.org/support/article/content-visibility/#private-content](https://wordpress.org/support/article/content-visibility/#private-content)
 * Furthermore, if you’re concerned about what content Google is crawling on your
   site, you may want to do some research into using your robots.txt file to disallow
   parts of (or the whole of) your site from being crawled. A good introduction 
   to this subject can be found here: [https://support.google.com/webmasters/answer/6062608](https://support.google.com/webmasters/answer/6062608)
 * There are also plugins that help with setting up the robots.txt file and disallowing
   crawling.
 *  Thread Starter [bladetwick](https://wordpress.org/support/users/bladetwick/)
 * (@bladetwick)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/data-breach-on-google/#post-13641213)
 * Hi Jay.
    Just trying to get to the bottom of it really.
 * Alex from your support has emailed promptly, thank you for that, and I have responded
   that the free version does not allow for the VIEW BOOKINGS PAGE section to be
   accessed, the row is blank anyhow and no page exists for the bookings data.
    
   I can view bookings from the plug-in dashboard only.
 * So:
    Customers details, booking times, their email and phone number have been
   crawled by google and shown on a NextGen gallery link. (Alex has a link and screenshot).
 * I have since deleted NextGen plug-in, updates robots.txt file, deleted customer
   data, checked google crawl links so the details should disappear on next crawl.
 * I have today posted on NextGen support here on .org and thought your plug-in 
   might need to be looked also as it’s the data from here that’s being transmitted.
   
   The bookings are kept on the dashboard of the plug-in so how come they have ended
   up on google? We can get in real trouble with the new gdpr rules so might be 
   worth looking at it.
 * I have searched other names from bookings and found more of the same links on
   google.
 * I hope I have eliminated the possible breach by NextGen gallery plug-in by deleting
   it and taking other necessary steps to secure our data.
 * I will need to confirm to our customer when their details have been removed from
   google, so might be reassuring to know that you have also carried out necessary
   checks to ensure data will be kept safe. Maybe allow the make bookings private
   section on the free version?
 * I have been using the plug-in for a month on the trial basis, we do need a booking
   system however I would need some reassurance if I was to consider upgrading to
   the full version.
 * Thank you.
 * Happy to delete the post when resolved as this is more of feedback rather than
   criticism however the fact remains that booking details ended up on google
 *  Plugin Support [jaysupport](https://wordpress.org/support/users/jaysupport/)
 * (@jaysupport)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/data-breach-on-google/#post-13641276)
 * No booking data from the admin is ever displayed on the front end of your site,
   and the view bookings form itself is never displayed unless you explicitly enable
   or place it somewhere on your site. It is not enabled by default.
 * If you don’t remember adding the view bookings form to your site, then I’m thinking
   that maybe you activated the premium trial at one point and set it up during 
   that time. Since discussion of the premium version is not allowed in these forums,
   we’ll follow up in the email thread you started and explain how this could be
   the case.
    -  This reply was modified 5 years, 7 months ago by [jaysupport](https://wordpress.org/support/users/jaysupport/).
    -  This reply was modified 5 years, 7 months ago by [jaysupport](https://wordpress.org/support/users/jaysupport/).
    -  This reply was modified 5 years, 7 months ago by [jaysupport](https://wordpress.org/support/users/jaysupport/).
 *  Thread Starter [bladetwick](https://wordpress.org/support/users/bladetwick/)
 * (@bladetwick)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/data-breach-on-google/#post-13641309)
 * No problem.
 * Thank you again for the prompt response
    -  This reply was modified 5 years, 7 months ago by [bladetwick](https://wordpress.org/support/users/bladetwick/).

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Data Breach on google’ is closed to new replies.

 * ![](https://ps.w.org/restaurant-reservations/assets/icon-128x128.png?rev=2205491)
 * [Five Star Restaurant Reservations - WordPress Booking Plugin](https://wordpress.org/plugins/restaurant-reservations/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/restaurant-reservations/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/restaurant-reservations/)
 * [Active Topics](https://wordpress.org/support/plugin/restaurant-reservations/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/restaurant-reservations/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/restaurant-reservations/reviews/)

 * 4 replies
 * 2 participants
 * Last reply from: [bladetwick](https://wordpress.org/support/users/bladetwick/)
 * Last activity: [5 years, 7 months ago](https://wordpress.org/support/topic/data-breach-on-google/#post-13641309)
 * Status: resolved