August 20, 2004 6:03 PM PDT
MoveOn.org subscribers exposed
- Related Stories
Political parody draws Web crowdAugust 16, 2004
Google queries provide stolen credit cardsAugust 3, 2004
Google a favorite among hackers, tooJuly 29, 2004
MoveOn looks to Net for political ad starsJuly 2, 2004
Faith in Net's force rises, falls with DeanJanuary 29, 2004
Campaign sites miss Web boatNovember 5, 2002
A Web page misconfiguration left dozens of the liberal political group's subscriber pages easily searchable through simple Google queries. Each page included a subscriber's name, e-mail address and the mailing lists to which he or she is subscribed. CNET News.com confirmed that several searches turned up more than two dozen individual subscriber pages.
"This is extremely disturbing," said one subscriber, who requested anonymity, when contacted through e-mail. "I'm not sure if I should be worried or not, but I am."
The subscriber Web pages linked member's names with their interests, such as "distortion of evidence" and Errol Morris, director of the documentary "The Fog of War," which won an Oscar for its portrayal of the life of Robert McNamara, secretary of defense during the Vietnam War.
MoveOn.org fixed the problem on its site after being contacted by a member. The search results on Google now redirect people to MoveOn.org's front page. The organization is implementing further changes to protect the user information.
The information leak is the latest version of "Google hacking," the practice of using the search engine's advanced features to find private data leaked by Web sites. Earlier this month, security researchers found a way to use the search engine to find lists of credit card numbers, along with card holder information, that had been posted online by traders of illicit financial information.
The incidents highlight increasing concern that knowledgeable Web surfers can turn up sensitive information by mining the Web using the world's best-known search engine. MoveOn.org stressed that no financial information was leaked in the most recent incident, and that the site does not retain credit card numbers.
The discoverer of the MoveOn.org problem, Web developer Shawn Smith, found the information accidentally, he said. Smith, a member of MoveOn.org, had searched Google for information on recent video clips sponsored by the political group. Along with a link to the clips, he found that several of the other search results pointed to Web pages with subscriber information.
"I just wanted to see the (video) spots," Smith said. "Instead, I found these other sites."
Smith alerted MoveOn.org to the problems, and the Web site fixed the issues.
MoveOn.org is best known for using the Net to distribute 30-second spots attacking President Bush's policies. The video spots, called "Bush in 30 Seconds," gained widespread recognition for the site and for the Internet as a medium for grassroots political speech.
9 commentsJoin the conversation! Add your comment