Friday, May 30, 2008

Researchers: Stolen Data Ending Up In Google Cache

Robert Westervelt writes on SearchSecurity:

The Finjan security researchers, who uncovered several unprotected hacker servers containing the sensitive email and Web-based data of thousands of people, demonstrated how easy it is to find the data using Google.

By using a simple string of search terms the researchers were able to find stolen passwords and usernames, Social Security numbers, and even the usernames and passwords of internal databases of companies all stored in Google's public caching server.

Google returns the results based on log files available on the unprotected servers. The servers stored stolen data collected by Trojan horses running on infected end-user PCs, Ayelet Heyman, a researcher at Finjan's Malicious Code Research Center, said in Finjan's Malicious Code Research Center blog.

"Google just indexed these log files as they do with any other public file on the Web," Heyman said. "It's not a hoax as some people wrote; it's 100% harsh reality."

More here.

1 Comments:

At Fri May 30, 01:03:00 PM PDT, Anonymous Anonymous said...

Slackers!

The data cache I found in 2006 (~1.2 Gb in size) was protected behind a password, and the front end website not only had a userid/password combo, but was also protected from google with a robots.txt.

 

Post a Comment

<< Home