Did I uncover your credit card details on the web today!

Tuesday, March 3, 2009

Today I accidentally uncovered a huge list of people’s names, addresses and credit card details online. No kidding.
I found more than that: login details to people’s web hosting accounts and e-commerce site memberships as well. It was really freaky to think it was all just staring at me, thanks to a flukey Google search. Nothing more complicated than that. (And no, don’t email me for the search details!)
For whatever reason, a hacker has broken into a number of sites and stored the resulting DB dumps in text files that Google came along and indexed, all because this guy’s site’s directories were set to display their contents when no default file is present.
I have emailed Victoria Police with all the details. But after thinking about it some more, I have a simple observation and a suggestion…
First, the observation: if a hacker is dumb enough to have your private login or credit card details online and indexable by Google, then they’re likely to be in a text file and unencrypted. If your credit card is listed, it’s probably had the spaces removed, since that’s how it will be stored (by idiots who don’t use a salted hash).
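
A defender-side check for the exposure described above, added here as an example and not part of the original post: it walks a web root you control, flags directories with no default file (which the server will list if auto-indexing is on), and reports files containing separator-free, Luhn-valid card-number runs. The default-file names and function names are assumptions; the sample tree and card values are constructed.

```python
import os
import re
import tempfile

# Assumed default-document names; match these to your own server's configuration.
INDEX_NAMES = {"index.html", "index.htm", "index.php", "default.htm"}
# Separator-free runs of 13-19 digits, i.e. card numbers with the spaces removed.
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum; rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    return [m for m in PAN_RE.findall(text) if luhn_ok(m)]

def audit_webroot(root):
    """Return (directories with no default file, {file: masked card hits})."""
    listable, leaks = [], {}
    for dirpath, _dirs, files in os.walk(root):
        if not INDEX_NAMES & {f.lower() for f in files}:
            listable.append(os.path.relpath(dirpath, root))
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, errors="ignore") as fh:
                hits = find_card_numbers(fh.read())
            if hits:  # report only the last four digits, never the full number
                leaks[os.path.relpath(path, root)] = ["*" * (len(h) - 4) + h[-4:] for h in hits]
    return sorted(listable), leaks

def demo():
    """Constructed sample tree: an indexed root and a listable dir holding a dump."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "backup"))
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<h1>shop</h1>")
        with open(os.path.join(root, "backup", "dump.txt"), "w") as fh:
            # 4111111111111111 is a published test number; the second value fails Luhn.
            fh.write("id,name,card\n1,Test User,4111111111111111\n2,X,1234567890123456\n")
        return audit_webroot(root)

if __name__ == "__main__":
    print(demo())
```

A directory flagged here is only exposed if the server's auto-index feature is enabled, so treat the first list as places to check rather than confirmed listings.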
