A flaw in the Google Calendar application has surfaced that could make for some awkwardness. The flaw could make some of your private events public. The flaw reportedly has to do with entering email addresses on your event.
If you name an event with a title that someone you know has in their name or email, they could be added to your private event. The issue tuned up when a developer named Terence Eden found out that a reminder that his wife set to ask for a raise was shared with her boss.
Eden says that the entry was added by his wife as a reminder for herself, but she added her boss’ email address in the note and he was invited to the event. That would definitely be awkward, especially if the note was snarky at all. Eden says that when he was working on recreating the issue, he found that if you added an email address to the subject line on Google Calendar, that person doesn’t receive an email, but they will receive a popup reminder.
He also says that if you delete the entry, a cancellation notification would be sent to the email. Eden notified Google of the issue and the company acknowledged the issue. However, Google said that the bug had minimal impact on security so there would be no bug bounty offered. Google also said it is working to fix the issue and for now users should not add events with email addresses in them.