Simple queries using the Google search engine can turn up a handful of sites that have posted credit card information to the Internet.

The lists of financial information include hundreds of card holders’ names, addresses and phone numbers as well as their credit-card data. Much of the credit-card data that appears in the lists found by Google may no longer be valid, but CNET called several people listed and verified that the credit cards numbers were authentic. The query, the latest example of “Google hacking,” highlights increasing concern that knowledgeable Web surfers can turn up sensitive information by mining the world’s best-known search engine.



“It seems like everyone has their own trick,” said Chris Wysopal, vice president of research and development for digital security firm @Stake. “This is really searching for data that should be secret but has been exposed either through misconfiguration or by someone who has stolen it.”



There is no shortage of ways to search Google to find such data. Whole sites spell out how to search for financial information and describe software vulnerabilities and vulnerable configurations on Internet machines. Google is the tool of choice because its powerful search options, such as the ability to search for a range of numbers–useful in finding credit card data–is not present in other companies’ search engines.



More here.

0