• On BNET: Why an MBA is a waste of time and money
advertisement
March 30, 2009 3:04 PM PDT

Stolen credit cards exposed on Google- report

by Elinor Mills

Credit card information of 19,000 British Web surfers was exposed on Google search before being removed, according to a report this weekend.

It is unclear exactly when and for how long the information was available to Google searchers, although most of the cards had been canceled, The Telegraph reported the UK payments association APACS as saying. Visible were names, addresses, and credit card data for thousands of people.

Originally, the data was posted on an unsecured server in Vietnam used by criminal gangs that was closed in February, the newspaper said. However, the "cached" version of it on Google remained.

Google offers tools that allow webmasters to make sure content is not cached or is removed. Apparently, whoever leaked the data didn't use those tools.

"Please keep in mind that search engines are a reflection of the content and information that is available on the Internet. Search engines such as Google do not own this content, and do not have the ability to remove content directly from the Internet," a Google spokesman said in a statement.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Privacy & data protection

Tags:

Google,

search,

credit cards,

UK,

cache

Share:
Digg
Del.icio.us
Reddit
Recent posts from Security
A flood of phishing sites and how to avoid them
Microsoft to fix 13 holes in Windows, IIS, and Office
Cheerleaders Gone Wild clickjacking tempts Facebook users
Security firm: Zero-day Adobe exploit in the wild
Microsoft legal punch may change botnet battles forever
Adobe warns of zero-day hole in Reader, Acrobat
Antivirus isn't dead--it's growing up
Mozilla fixes Firefox holes, curtails clickjacking
Related
PayPal payments soon Android-integrated?
Is your phone the wallet of the future?
Opera support for Google Instant: 'Shortly'
Firefox add-on blocks malicious search results
Pay by phone: Hands-on with Bling Nation's PayPal patch
MasterCard MoneySend like PayPal for BlackBerry
Google Instant: Search for the now generation
Live at Google's search event: Google Instant
Add a Comment (Log in or register) (4 Comments)
  • prev
  • next
by someguy999 March 30, 2009 3:30 PM PDT
people take stuff down for a reason. If I didn't invite google to come search and archive my site, it shouldn't be my responsibility to hunt them down and tell them to take down my stuff. If they want to be all smarty-smart.... then they need to truly be smarty-smart and look for relevance... the information was over a month old.

Google is the one who is giving the information to the world and telling them "oh its down, but here's a copy we made". They should be on the hook for it!
Reply to this comment
by pentest March 30, 2009 4:37 PM PDT
Yeah, welcome to 5 years ago.

Google, while it is not exactly their fault, they bear some responsibility for several reasons.

1. The specialized searches such as intitle:index.of passwd passwd.bak expose systems not set up properly, but these searches are rarely useful for legit queries.

2. Google is not the only one at fault here, but it shows that indexing should be opt-in. robots.txt is an opt out tool, but most, if not all search engines unethically scan everything it can unless told otherwise. This problem of easily obtaining passwords would go away if Google wasn't so damn evil. Of course, this doesn't address the problem of people running web servers without knowing what they are doing.
Reply to this comment
by smallvoice March 30, 2009 7:16 PM PDT
The best way to handle such a problem is to cut the credit card in half and throw it away.
Reply to this comment
by mssoot March 31, 2009 8:59 AM PDT
Glad to hear google is concerned about the problem and willing to step up and take resposibility or at least step up and try to prevent it in the future from happening again. Great job Google. I doubt the judge will see it the same way after the suit gets filed
Reply to this comment
(4 Comments)
  • prev
  • next
advertisement
CNET River
advertisement

Google Instant: Better but not revolutionary

The search leader has genuinely advanced Internet search if not rewritten the rules. But what of searches from the browser?

Apple 2010 iPod lineup, reviewed

CNET reviews Apple's 2010 lineup of iPod portable media players, including the fourth-generation iPod Touch, sixth-generation iPod Nano, and the fourth-generation iPod Shuffle.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
Click Here

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
Video
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET API
About CNET