Google cache revealing critical personal infromation
A while back I did an article on using Google search in some slightly more advanced ways, as well as a link to a site of specific Google searches. I’ve come across something in the Handlers diary at Incidents.org that is worth knowing about. The entry in question details that apparently someone made a BIG order for internet services that prompted the business to do a bit of research on the buyer. They found in Google’s cache a LOT of information – name, address, phone number, date of birth, credit card type, cc number, CCV2 #, credit card expiration, Social Security Number, bank pin number, account number, routing number, phone number, paypal email and password, drivers license number and state issued.
Now, it’s not Google’s fault that they spidered the information, someone had to store that on a website to begin with. If the owner of the information didn’t, then someone accumulated that information. (phishing probably?) There was not just one persons information available though, other peoples information, plus shipping information and what had been purchased (it makes me wonder if an online store had a lousy shopping cart that stored data in text files.) This information had been cached by Google about 7 months ago. SANS has contacted Google and they are usually good about removing items from their cache when asked.
The point to drive home is search for your own name in the search engines. Just like we talked about searching your own site. Enclose your name in quotes and use any variations you may have used in the past. I’d sincerely hesitate before considering searching for a credit card number, although I do recall making a search on an OLD, defunct credit card number of mine once. Another important note is to make sure the machine you’re using is secure, clean from viruses, firewalled and has all the current security patches.
When you do search for your name, don’t just follow the links to the found pages, check out the cached pages as well.