Simple Google Search Reveals Credit Card Details
Article date: Thu, 12 Jul 2012 14:30 GMT
A year after massive security failings were exposed by hosting firm UKFast, consumers' credit card details are still as openly available as a pair of shoes on the internet, leaving them open to serious fraud and the businesses at risk of costly legal action.
Research by internet hosting specialist UKFast has found that the relatively simple Google searches exposed by the firm last year still reveal valuable collections of personal IDs.
Lawrence Jones, CEO of the hosting specialist exposing the breach said: "Twelve months ago we revealed that with a simple Google search, anyone could find databases filled with sensitive personal data from both customers and suppliers - including full credit card information.
"A year later we find ourselves in the situation where this information is still readily available. The value of these databases has hugely increased now thanks to the reams of information we place on social media. Cyber criminals can not only sell credit card details but whole identities, as openly as you would sell a pair of shoes."
One of the many databases found through a simple Google search by UKFast's security experts flaunts details of almost 4,000 customers of an events company - including names, emails, full postal addresses along with account usernames and passwords.
Jones suggests businesses are putting themselves, as well as customers, at risk by not properly protecting data. UKFast's security division monitors security and regularly carries out penetration tests that simulate hack attacks on servers to find any weaknesses and opportunities for improvement. But many companies are oblivious to the fact that storing card and personal details live on a web server leaves them searchable by Google.
Personal details including date of birth, mother's maiden name, workplace and marital status are available through Facebook, LinkedIn or Twitter profiles. Hackers can use these sites to fill gaps in information and steal whole identities that hold a high value in the cybercrime community.
Neil Lathwood, IT director at UKFast says: "Google is extremely good at indexing, so any indexable back-up files stored on the server may not be linked to from the website but can still be found through Google. This means that anyone, even without advanced technical skills, is able to find it."
"The key is not to have your back up files stored unencrypted and live on the server - this is the most common security failure that I see, and to be honest, it is just lazy."
With high profile cyber attacks hitting the headlines over the past year (LinkedIn and, today, Yahoo), Jones suggests that businesses have no excuse to continue to put customer data at risk in this way.
Jones explained: "With hacking and cyber security at the forefront of the news at the moment, with the massive Sony hack last year and more recently the customer data leaks from LinkedIn and eHarmony, we should all be ensuring that our data is locked down.
"Businesses can no longer play the ignorant card, as what they may not realise is not only are they risking their customers' online security, they may also be breaking the law. Storing confidential information unencrypted, hosting with a foreign provider or hosting with cloud services without knowing where data is stored or how securely it is stored can all contravene the Data Protection Act."
Jones reissued his advice to internet shoppers on how to protect themselves. "With cybercrime on the rise, the key is to make it as difficult as possible for fraudsters to find out any extra information about us," he said.
"Simple details such as hobbies or relatives' names act as password clues for many of us yet we still have this information all over social network sites. Having high privacy settings controls who has access to this information. Simple things like having stronger passwords and secure WiFi networks can make all of the difference."
print this article.Return to Press Releases