Stolen data ending up in Google cache, say researchers

Researchers at security vendor Finjan, who recently uncovered several unprotected hacker servers containing the sensitive email and Web-based data of thousands of people, demonstrated how easy it is to find the data using Google.

By using a simple string of search terms the researchers were able to find stolen passwords and usernames, Social Security numbers, and even the usernames and passwords of internal databases of companies all stored in Google's public caching server.

Google returns the results based on log files available on the unprotected servers. The servers stored stolen data collected by Trojan horses running on infected end-user PCs, Ayelet Heyman, a researcher at Finjan's Malicious Code Research Center, said in Finjan's Malicious Code Research Center blog.

"Google just indexed these log files as they do with any other public file on the Web," Heyman said. "It's not a hoax as some people wrote; it's 100% harsh reality."

It's not the first time the search engine giant was used to uncover sensitive data or common security flaws in websites. Penetration tester Johnny Long was the first to make headlines explaining ways to turn Google into a malicious tool. Long's website has a Google hacking database. Tom Bowers, managing director of Allentown, Pa.-based Security Constructs LLC has also warned that IT professionals must learn how hackers use search engine queries to ensure sensitive data doesn't end up on the public caching servers.

Heyman urged people not to blame Google for caching the stolen information. Google indexed the log files on the server as they do with any other public file their crawlers find on the Web, Heyman said.

In April, Finjan announced that it had discovered an unprotected server and others used as a drop site for the AdPack exploit toolkit. The server wasn't encrypted and no authentication was used to access it.