The flaw was identified by Dave Naylor and seems to allow agencies or freelancers who were previously approved to access brands’ Webmaster Consoles to re-approve themselves and take action.
Previously, unauthorised access to a brand’s Webmaster Console and toolset would mean visibility on search data, the ability to slow down crawls and mess around with sitelinks. Changes would generally result in an email notification from the Webmaster Console too. This would be annoying but not catastrophic.
The situation has changed. In October, Google released an experts-only disavow links tool which lets site owners disassociate themselves from inbound links. The goal of the tool was to let brands rescue themselves from historic attempts at dodgy SEO (spam links, bought links, etc) and potentially low quality links bought by a spiteful competitor.
The security breach means that, in theory, the disavow tool could be used maliciously to discount useful and helpful links. This would be SEO sabotage.
There are a number of reasons why agencies and other SEOs are unlikely to be racing into a stealth war.
Firstly, any SEO sabotage may not actually be stealthy. Unauthorised uses of the disavow tool may well turn up in the message centre and the culprit traced.
Secondly, the disavow tool does not take immediate effect and can be reversed. Any raids on links run the risk of being caught, the culprit identified and stopped before any harm is done. Any harm is likely to be temporary too.
Rather ironicly, any brand that was hit in this way will recover once the unauthorised file is removed but is also given a linkbait story of such magnitude that they would likely generate even more natural, trusted, links as a result of their experience.
Lastly, no one wants to see a war of sabotage and escalation.
The question is – is anyone actually using the security breach for malicious intent? It’s hard to say. There has been some bluster from some about going after ex-clients who may have outstanding bills. That sort of talk is expected, especially if people are frustrated, but I’m not convinced it will lead to many actions.