Alister Cameron // Blogologist

Changing the world. One blog(ger) at a time.

Did I uncover your credit card details on the web today!?

Today I accidentally uncovered a huge list of people’s names, addresses and credit card details online. No kidding.

credit cards Did I uncover your credit card details on the web today!?

I found more than that: login details to people’s web hosting accounts and e-commerce site memberships as well. It was really freaky to think it was all just staring at me, thanks to a flukey Google search. Nothing more complicated than that. (And no, don’t email me for the search details!)

For whatever reason, a hacker has broken into a number of sites and stored the resulting DB dumps into text files that Google came along and indexed, all because this guy’s site’s directories were set to display their contents when no default file is present.

I have emailed Victoria Police with all the details. But after thinking about it some more, I have a simple observation and a suggestion…

First the observation that if a hacker is dumb enough to have your private login or credit card details online and indexable by Google, then they’re likely to be in a text file and unencrypted. If your credit card is listed, it’s probably had the spaces removed, since that’s how it will be stored (by idiots who don’t use a salted hash).

Search Google for Your “Privates”

So here’s the suggestion: search Google for your credit card number. If something shows up go check it out. See if you also fluke a list of hacked card details with your own details there too. If you find nothing it doesn’t mean you haven’t been hacked… it just means you’re not listed online.

Now, if you have a strange and obscure password you always use (that is most likely your and yours alone), try searching for that too. Again, if it shows up in Google’s SERPs, check out the page and see what’s there.

I must say I was pretty freaked out to have discovered these credit card details online. I mean, you’d think a hacker would be smart enough to keep his stuff away from public web access and Google indexing, but perhaps not.

Crappy Coding of E-Commerce Sites

All this raises an issue that I have been long worried about… the coding and security standards of e-commerce sites out there.

How do you and I know that a given site is secure or not. Suuuuuuuure… it has HTTPS working right and the little key comes up on your browser when you get to the page asking for your credit card details. So what?!

The real worry is whether a hacker can get into the database and suck out all the customer and purchasing records. And if a programmer doesn’t know what a salted hash is (basic basic stuff), he should be shot. If a programmer doesn’t know how to code his querystrings so that SQL can’t be injected in, then he should also be shot.

This is why you SHOULD think about the e-commerce platform chosen by your chosen vendor of whatever it is you’re about to buy online. See, there are known weaknesses with various different shopping cart software platforms out there. And if someone builds one from scratch… well, you’d better hope they know what they’re doing.

If It’s Always The Same Password, One Hack Is Enough

If you’re like me, you use the same username everywhere. It’s a branding thing. I’m “alicam” (or “blogologist”) almost everywhere, unless I can’t get these, or unless I don’t want to be “me”.

If you’re NOT like me, you also use the same password everywhere. (I confess… I used to, until a few years ago when I woke up!)

Here’s the danger of using the same password everywhere: a hacker only needs to compromise any one single website to which you are subscribed as a member to get your username and password (assuming he can get past the hash or whatever obfuscation is in place). Once he’s got these, he can try these again all over the place, looking for what other sites and services you belong to. Along the way he can gather more and more information about you, in readiness for “becoming you”… called Identity Theft.

So don’t use the same password every time. Here’s a trick that may work for you: add part or all of the domain name into your password, along with the bit you usually use. So, if your password was always “fr3dd0″, make it fr3dd0-yahoo, fr3dd0-google, fr3dd0-wordpress, etc. Sure, a person could work out what you’re doing, but not a machine. And often enough the attacks are done by machine, with a person taking over once there is some success breaking in.

In my case, I had a password generator make up 16-character long unique strings (with alpha-numeric and special characters), which I use uniquely for each of the services I use. I’m not taking chances. (How I memorize them all is my secret!)

Important Tips for Your Online Security

So, to conclude, here are some simple tips to keep you safe online:

  • Buy online from large, reputable suppliers only.
    Ideally, choose vendors in the same “jurisdiction” as you, and vendors who also sell to you offline.
  • Don’t buy from ugly sites.
    If the site looks really ugly and clunky on the front end, it might be coded that way on the back end too. Just walk away!
  • Use Paypal where you can.
    It’s an eBay company and gives you a safety net for online transactions. They spend millions getting it right.
  • Update your passwords.
    You should use really good passwords, and unique ones, for your important online services like banks, hosting suppliers, government, etc. Don’t double up on them.
  • Buy from countries you trust.
    If sounds snobbish, but if you get in trouble with a vendor who doesn’t deliver, and he’s from a country that can’t protect you in law, you’re up the creek without a strudel.
  • Know about phishing.
    You think you know what it means, but are you up-to-date on the latest tricks and techniques? Some of them are darned convincing. So use filters and software to help you too.

This is a quick brain-dump of my suggestions. There are more, so leave a comment for the benefit of others if you have some goodies icon smile Did I uncover your credit card details on the web today!?

Do The Right Thing!

Finally, do the right thing. If you find stuff that shouldn’t be there, tell the authorities. If you’re a Google Search Guru with all your advanced operator trickery, then it’s even more possible that you’ll come across stuff like I did… but I sure hope not.

credit card fraud, identity theft, credit card theft, online fraud, identity fraud, phishing, online scams, hacking, google hacks, google hacking, alister cameron, exploits, vulnerabilities, internet security

66 Comments

Note: Commenter website links are not no-followed, in case
you were wondering... I believe in rewarding commenters!

  1. Posted 7 years, 1 month ago // Permalink

    That’s scary stuff – just glad that it was someone like you that stumbled on the info….

  2. Posted 7 years, 1 month ago // Permalink

    That’s a bizarre find you uncovered!

    In my consulting work as a programmer I’ve always been amazed at the number of sites/systems that store the password in clear text. And it’s so obvious that most people use the same password for most sites. The importance of passwords just cannot be overstressed. Thanks for the warning.

  3. Posted 7 years, 1 month ago // Permalink

    It’s something which actually has been a problem for quite some time, and it’s not just small companies affected. Big companies suffer from it as well from time to time and it’s really hard to stop. You can only hope that whatever data you input is completely encrypted, not just a password but also usernames, credit card details, address details, etcetera. It doesn’t have to be an md5 encryption since that’s a 1 way encryption, but it should at least be something so the database on itself is rendered useless.

    Unfortunately though, that’s in 99.999999999% of all databases not the case.

    Not just eCommerce sites like this have been targeted, but also online games have had database ripped with tens if not hundreds of thousands different user details in combination with credit card details before already and I’m sure there’d be other types of business suffering from this as well.

  4. Fat Bastard
    Posted 7 years, 1 month ago // Permalink

    Hey Al

    Someone hacked into a site I had done business with some time ago and stole my cc details. Unfortunately for him, I had since paid your bill for some designing work and my card bounced when he tried to use it.
    So, I suppose I should thank you.

  5. Posted 7 years, 1 month ago // Permalink

    I ran across something similar last week. I search sitepoint every week for good sites to buy. A lady was advertising an ecommerce site for sale. Someone asked for proof of sale and she posted an excel spreadsheet complete with customer names, addresses, billing addresses, credit card numbers, expiration dates, and csv codes.

    I wrote sitepoint and they quickly removed the details. It just goes to show you, some people may not be intentionally causing you harm , but still shouldn’t be trusted with your personal info.

  6. Posted 7 years ago // Permalink

    This is awesome. I’ve never heard of these suggestions before, even with all the ID theft stuff floating around the ‘net these days.

    Thanks!

  7. Posted 7 years ago // Permalink

    You used to be able to run search operators (like 4500000000000000..4600000000000000) in Google to find all numbers within that range (and therefore all credit card numbers it had indexed).
    I tried it yesterday and it had since been blocked.

    I’d be careful about typing credit card details into Google though.

    Firstly, make sure you’re logged out of your Google Accounts, or have Google’s search history recording turned off.

    But even with search history turned off, I would nonetheless worry – AOL last year released a huge amount of search data (which was typed into their Google-run search engine) – and among that search data were dozens of credit cards and pieces of personally identifiable (private, sensitive) information.

  8. Posted 7 years ago // Permalink

    Spooky article. It’s strange how Google didn’t find a way to protect or even skip those sensitive information.

  9. Posted 7 years ago // Permalink

    Wow, amazing information that I hadn’t thought of before! I really like the tip about adding a portion of the url into the password, I’ll have to start doing that with my numerous sites I have and use.

    Definately great information here! Thanks!

  10. Interior developer
    Posted 7 years ago // Permalink

    Hi,
    Its a rich content post.I found it is very interesting and more informative.Really that tips for online security are excellent.I shared these tips with my friends and relatives.I know the danger of using the same password very well because of my own experience.But many people following the same password everywhere.you had provided a great explanations here.Thanks for your valuable information.

  11. Posted 7 years ago // Permalink

    Thank you for that advise. Did you inform Google? I’d be interested in their response.

    Regards
    Peter McCartney

  12. Posted 7 years ago // Permalink

    this is very scary indeed. Identity theft is no joke and the fact you can find this on the internet shows why you should use these precautions

  13. My Name
    Posted 7 years ago // Permalink

    Let me rush to type in my most secret passwords into Google right now!!!!

  14. Jan
    Posted 7 years ago // Permalink

    You are an idiot if you search or put your credit card numbers and passwords on google. Google == CIA and they also store everything you search and can quite easily connect the information to you and places you visit. There is no guarantee an insider will not abuse them. I am aghast at you for advising people to do this. — Can you get any more stupid? How about photocopies of your drivers licence, passport, etc. and try posting them on website to see if anybody has seen them online, eh? How about sending me your credit card information so I can see if I have happened to run accross it?

  15. Posted 7 years ago // Permalink

    @Jan – I am advising people to test for their credit card number, yes. NOT the number PLUS the expiry date or anything like that. Heck, what’s in a number? I can create valid CC number easily if I know the checksum system… so valid credit card numbers is no big deal.

    As for passwords, they mean nothing out of context. And my real point is not to use the same one everywhere anyway.

    But thanks for adding to the conversation anyway :)

  16. Daren
    Posted 7 years ago // Permalink

    DO NOT SEARCH FOR YOUR CREDIT CARD OR NAME! The search bar is an unencrypted channel and search engines publish and has published web searches for scientific analysis.
    On top of that, US govt owns the right to direct internet traffic through their servers for ‘security’ purposes.

    PS Alister, you just gave a dumb advice.

  17. Posted 7 years ago // Permalink

    @Daren – Don’t you think the US government already have your CC details if they want them? Do you really think they’re waiting for you to type that stuff into Google so they can get a hold of it?! These are the same people with the satellites and all that “Enemy of the State” gadgetry right?!

  18. Posted 7 years ago // Permalink

    It’s not a new thing that you can find many secret stuff with google search. With smart query strings you can search almost anything. I’ve made a special website for it.
    Have a look at SearchHacker
    http://www.searchhacker.com
    Or it’s sister site to find unprotected live webcams.
    http://www.camhacker.com

  19. irrelevant
    Posted 7 years ago // Permalink

    I would not recommend searching Google for your credit card number, passwords, or any other info that should be kept secret. Google keep their search data, plus anything you search for can be seen by anyone in a position to do so. Also many ISP’s log web traffic, and you have absolutely no idea who has access to this data or for how long it is kept.

    You have been warned.

  20. Posted 7 years ago // Permalink

    Of course, if you’re punching your credit card numbers and private passwords into Google search, you’re ALSO inputting your information into Google’s databases. Google keeps records on all searches … for years.

  21. John E
    Posted 7 years ago // Permalink

    If you do search for your credit card details on Google and you’re logged in, be sure to clear your web history in your account. Otherwise, Google will store your searches and that’s definitely not a great idea.

  22. Posted 7 years ago // Permalink

    @John E – agree with that. It also raises other thoughts…

    I’ve heard of people storing key information in gmail “draft” emails (ones they’ll never send). Things like passwords, for example, bank account numbers. It makes it easy when you’re away from home to login to gmail and get to stuff you need for logging into less-frequently-used sites, etc.

    To me this is far more scary a thing to do than what I’m proposing…

    -Alister

  23. Posted 7 years ago // Permalink

    Thanks Man. I will remember to use Google checkout or paypal wherever possible.

    Good for google to have indexed those numbers or we wouldn’t have found out.

    Ron

  24. Posted 7 years ago // Permalink

    Alister,

    excellent discovery. It is funny with all the different comments about not searching for your credit card number. ahh, the power of digg and all the comments it brings.

    If people are too scared, then how about searching for 10 out of the 15/16 digits?

  25. Eli
    Posted 7 years ago // Permalink

    You know what your local police are going to do? Nothing. They probably don’t even understand what you found. Not long ago someone was actually forging checks in my company’s name and trying to scam people with them around the country. Yeah we called the local police. They took some information, and did nothing, because the Internet is not their jurisdiction and they’ve got better things to do.

    Besides, I’d almost guarantee you that any credit card numbers you found were expired, passwords had been changed, etc. That kind of information has a very short period of validity before it’s flagged by credit card companies.

  26. Alister Cameron
    Posted 7 years ago // Permalink

    @Eli – you’re the second person to give me doubts today about what my local Police will (or won’t) do…

    So I just got off the phone with the US Secret Service. I have the data for them, and (I assume) one of their IT agents will get back to me.

    Which brings me to the point that it was really hard for me to work out who to call. There’s tons of info online about what to do if you think your data has been stolen, but nothing much telling you who to call if you uncover fraud, as I did.

    Anyway, I’m about to go to bed, but I’ll await their call in the morning :)

    -Alister

  27. Cuban
    Posted 7 years ago // Permalink

    Are you serious? Your article really suggests that users search Google for their credit card number? Do you see the incredible problems with that?

    In my opinion, your credibility as any kind of security ‘expert’ just went right out the window.

    I’ll come back and look for your response to my comment.

  28. Posted 7 years ago // Permalink

    @Cuban – You tell me what’s wrong with it. You tell me seriously what the security issues are. Unpack them. I don’t see them as clearly as obviously you do. I am keen to hear your thoughts, as are others here.

    If you can make your points clear, and I see my error… I will be the first to admit it.

    But all I’m getting right now it people telling me off but not *really* explaining the risks.

    Note also my clarifications on previous comments as to why I don’t think there is any serious risk.

    But over to you (or others similarly aghast at my suggestion).

    -Alister

  29. Chris
    Posted 7 years ago // Permalink

    You seem to be suggesting that using a ‘salted hash’ is a great way for a vendor to store a credit card number. It’s not. A hash is a ONE WAY operation, therefore, when Joe Vendor wants to retrieve your card number to charge it – he can’t.

    Hashes are commonly used for passwords. When a user signs up, the application places the hashed password in to the database, then on subsequent logins, the application rehashes the password the user supplies and checks this against what is stored in the database. This has the benefit of never storing a decipherable password in the database – but it is no good if you actually want to retrieve the original data.

  30. xister
    Posted 7 years ago // Permalink

    Hi Alister-
    Great article, and I too am surprised at the number of people that are alarmed regarding the CC numbers. What good is a CC# without the security code and the correct name and address to go with it? If someone at Google (or even the dreaded government) fished it out of a billion search queries, how on earth would they go about finding the person’s name or all the other pertinent information? (unless of course, the person was stupid enough to type all of that info down on a web page in plain view of Google’s search bots)

    Wish me luck as I try this logic out over at Digg…

  31. Posted 7 years ago // Permalink

    @Chris – perhaps we’re getting confused on terms here… that may be my fault.

    I thought “hash” just meant a standard-length obfuscated string representation of something, and that while, say, MD5 is a one-way hash, others (perhaps AES or somesuch) are not.

    If hash was not the right term to use here I plead ignorance on the right term, but I think the programming principle I was making is still valid.

    Thanks for that clarification.

    -Alister

  32. knowcc
    Posted 7 years ago // Permalink

    Putting in your CCN is a bad idea, as other people have already mentioned it can get leaked a variety of ways. You claim having just the number out in the wild isn’t a big deal because it is easy enough to generate ‘fake’ numbers using the luhn checksum. However I think that is wrong. If someone gets your name and CCN then they can fairly easily guess the expiration month by simply trying to buy a small item from amazon (or anther merchant) until it goes through. There are only 12 possible expirations a year, and only a few years a card is typically good for. Easy enough to brute force for a competent scripter. If people really want to search for this stuff, go for searching your name and last four, though I still wouldn’t do that either.

  33. jeffyboy
    Posted 7 years ago // Permalink

    Of course, by taking this author’s advice and googling your credit card number, you are deliberately putting your credit card number into an online database – Google’s. So if you do this, be sure you trust Google, now and forever.

  34. Posted 7 years ago // Permalink

    O, the evils you could have done.
    Nice job on alerting the authorities asap – – A few dark figures may have done otherwise.

  35. Posted 7 years ago // Permalink

    this is all conmon sense stuff that we should all know

  36. Posted 7 years ago // Permalink

    Search google without using HTTPS is almost impossible. It is NOT a good idea to simply put your credit card into google unencrypted!

  37. Posted 7 years ago // Permalink

    Alister,

    I posted the following response to you, but I don’t see it anywhere in your comments… so here goes #2:

    Alister Cameron -“- You tell me what’s wrong with it.”

    Fair enough, Alister. So the reason you would never, EVER want to type your credit card number into google is:
    1. You’re not on an SSL Connection – You search can be interecepted by someone as LEGIT as your ISP and as illegitimate as your neighbor 3 doors down sharing your cable network

    2. Your machine could have spyware recording your searches – Even Legitimate toolbars like Yahoo and Ask.com Toolbars (Not to mention Google) record entries and send them back to the mothership. Yahoo knows what you search on google, when you’re using them. Once that happens, you’re not in control of that Data. others are. And this doesn’t even account for the countless numbers of illegitimate toolbars installed with P2P clients, Keygens, pornography, software cracks, and the like.

    3. Google search data is NOT protected. If you ever stand in the Google Corporate Offices Lobby, you’ll see that google random selects and samples real-time search information, and displays this search data on two 60 in LCD’s in their corporate office. If this is going on, you have no guranantee is to who is viewing your data, period.

    So those are my arguments. I trust you’ll have a fair amount of agreement?

    Regards,

    Cuban

  38. Posted 7 years ago // Permalink

    Great tips. I’m amazed some sites get business looking like they do.

    As you say, the SSl cert means nothing. Yet Verisign and other now sell EV SSL Certificates with the green bar…ooooo. So now e-tailers have to burn more cash so ill-informed consumers don’t panic when the green bar does not appear. It sill doesn’t mean the site/server is safe. It means the company exsists, thats all.

    The cc companies answer is verified by Visa (MasterCard have one too now. How does giving the last 4 digits of your ss number and yet another password (admit it, you use the same one don’t you) make your transaction any safer?

  39. Posted 7 years ago // Permalink

    Hi Alister! Congrats! This post is getting a lot of traffic. A lot of good insight here.

    I’d recommend, though, adding a warning near your text that says “So here’s the suggestion: search Google for your credit card number. ” I agree with the comment by Cuban above about the security issues. Maybe you could move some of those risks up into the article as a fair warning?

    Cheers,
    Mason

  40. Elessar
    Posted 7 years ago // Permalink

    “So here’s the suggestion: search Google for your credit card number.”

    This has got to be the stupidest suggestion.

    Typing your credit card number in cleartext in the google search box and sending across the internet. Don’t you see something wrong with that?

  41. andy
    Posted 7 years ago // Permalink

    NEVER Google for your personal details as you are sending them over the internet in plain text!

    This is extraordinarily bad advice and should be removed from the article.

  42. Posted 7 years ago // Permalink

    Scary Scary Stuff…but why would you type your own info in for Google???

  43. Posted 7 years ago // Permalink

    I once googled my social security number, found it, got the page taken down. Problem solved. Had I followed the advice of the paranoid folks on this page I would have not sent my social security number to google and there still would be a page with my SS number on it. People gotta weight the risks and decide which one is more dangerous– a public credit card number or the search for a credit card number.

  44. Posted 7 years ago // Permalink

    @Matthew Martin – thank you, thank you, thank you!!!People with your experience are the very reason why I wrote this post in the first place! It sounds like a scary thing to do, to enter your personal details (or key parts of them) in to Google or any other leading SE… but for those people who DO find their private information online somewhere and can take the appropriate action to protect themselves… there is all the reason in the world to have searched in this way!Think about it, folks!-Alister

  45. Posted 6 years, 11 months ago // Permalink

    crazy stuff. thanks for bring to my attention

  46. Posted 6 years, 10 months ago // Permalink

    Hey there! Freaky article but awesome at the same time! geeee thank god i never came to the extent of purchasing online :/

    Well keep up the good work on your every blogs, i try to keep myself updated, unfortunately the music industry leaves you breathless (literally) …

    Regards
    Billy.J

    =)

  47. Posted 6 years, 9 months ago // Permalink

    Its scary how much someone can pilfer about you just by using Google really. Like you say the best method is to never do anything online but thats not really a practical answer, these e-commerce sites need to clean up their act if an internet world is ever going to be safe from credit fraud.

  48. Posted 6 years, 9 months ago // Permalink

    I already knew all these hints except of the second hint “Don’t buy from ugly sites”. it is a simple hint but that I never gave attention in this detail and to also believe that many people ignore it. Congratulations by the hints.

  49. Posted 6 years, 7 months ago // Permalink

    Great information! Thanks for pointing this out as the web has become a huge place of information, I’m sure more people are going to experience this.

    Just hope my information wasn’t in there!

  50. Posted 6 years, 7 months ago // Permalink

    wow… that is some scary stuffs. thank you for the informative posts.

  51. Posted 6 years, 6 months ago // Permalink

    Great information! Thanks for saving me some time and loss of my personal finance information!

  52. Posted 6 years, 6 months ago // Permalink

    That is scary! Hopefully you didn’t find my CC info, hehe ;-)

  53. Posted 6 years, 5 months ago // Permalink

    Even after reading your bold title, I still find myself horrified after reading your article. It’s hard to imagine that after some hacker steals your credit card, he would make the information public for more people to steal your identity. I am not sure if I should laugh or be completely horrified of someone’s stupidity.

  54. Posted 6 years, 4 months ago // Permalink

    Interesting article, and scary stuff.

  55. Posted 6 years, 4 months ago // Permalink

    Hackers will constantly improve themselves on the technology and if search engines make a slip up, they will make the best use out of it. Most e commerce sites are well secured but if you happen to come across the one not so good, its quite risky. Precautions with the passwords can help.

  56. Posted 6 years, 3 months ago // Permalink

    Hey thanks for an awesome article….

    I try and keep my passwords changing every nw and then and have a few that I use but this has worried me and I am starting to think I should have a different PW for every single site….

    I am sure 88% of us have our details stored somewhere by someone!!

    I am def going to see if my CC numbers are lurking, indexed, online.

  57. Posted 6 years, 2 months ago // Permalink

    it’s amazing…Google is sharing too much information…if Google stores the pages it has index on there computers….are they sharing the CC details too?

  58. Posted 5 years, 11 months ago // Permalink

    Woah woah woah. That's definitely not good. I give out so much info on the web. I need to begin to watch my back more often. Seriously. It's usually just signing up for companies, but I guess you never know about things these days.

    Thanks for the post.

  59. Posted 5 years, 10 months ago // Permalink

    Many ISP’s log web traffic, and you have absolutely no idea who has access to this data or for how long it is kept

  60. Posted 5 years, 4 months ago // Permalink

    I have to say, I feel most credit cards are scams. Best not to go down that road as youll be paying more in the future.

  61. Posted 5 years, 4 months ago // Permalink

    i just wanted to say…
    ur all acting like… pure ignorant people.

    honestly.

    GOOGLE IS A BIG COMPANY
    if they wanted to crash your life, they would have done it a long time back.. they gather info like cc’s… SO WHAT? if they’re this “bad’ do u reely think they dont have it already? ppl like the cia already know ur cc.. doh…

    i dont know im just feeling ur all so ignorant. and hashes are used because they cant be reversed, so u hash a password, then when u get some input, hash that, check against stored hash. get it?
    also, hashes like MD5 most definitely can be cracked. dont act like ur such noobs… google crack md5 hash. some guy even made this database which had every single 0 to 20 length password with all the alphanumerics and calculated their md5s, and gave an input form online for ppl wishing to crack any. the database was about only 10TB big…

  62. Posted 5 years, 4 months ago // Permalink

    This really scares me…Do Google ever know about this? How could they not find a way to protect those information? Anyway, thanks for the advice!

  63. Posted 5 years, 1 month ago // Permalink

    The whole paranoia of information being leaked on the Internet is an interesting phenomena. Many people, without so much as a thought, use credit cards and personal information multiple times a day at a variety of brick and mortar places. From the largest chains down to the smallest hole in the wall the plastic and your information is thrown on the counter. Yet as soon as you’re on the Internet all of a sudden you’re a target?

    Information, identity and CC theft will happen both offline and online. Being paranoid won’t save you. Due diligence obviously will help but there’s always someone that will be one step ahead of you. Just be careful and relax. As mentioned, its likely thousands of people you’ve interacted with have all your information anyways.

    A simple CC number search in Google will not end your world. The government won’t be jumping with joy for the newly found information. The people who are intentionally stealing this information will be busy getting hundreds of numbers at a time and not waiting for you to key in some personal info in Google.

    Considering all the fears that were exposed in this post I wonder why so many are online?

  64. Posted 4 years ago // Permalink

    Hi there, firstly, I want to let you know that I think it’s a excellent weblog you got here. However, I haven’t found out the way to include your website rss in my feed reader – where’s the link for the rss feed? Many thanks

  65. Posted 3 years, 8 months ago // Permalink

    That’s pretty shocking, although it’s not really Google’s fault. As long as there a crappy coded sites, the only way to avoid this is only ordering from big retailers and skipping the wannabe merchants on the web.

  66. Posted 3 years, 8 months ago // Permalink

    This is nuts!!! I can’t believe it. Although it happened a while ago, its still crazy that things weren’t more secure

52 Trackbacks/Pingbacks

  1. enough times to keep it going all on my own. Sad but true. opal tribble beauty products – Someone from Trinidad and Tobago is looking for you and your beauty products, Opal. I hope they made it to your site! Must Reads – Post of the weekHi Humans! Hi Cows! The Humans think I am an airhead. I’m not really an airhead but they seem to like it if I act like one and feed me more treats when I’m being funny like the robot they named me after. Here is a clip where you can see my name and some

  2. [IMG ] Segundo Alister Cameron, doBlogologist, isso aconteceu com ele. Cameron descreve alguns detalhes da experiência (mas não ensina como fazer esse tipo de busca), dá algumas dicas de como checar se os detalhes de seu cartão podem ter sido hackeados e oferece algumas sugestões de como

  3. card details online. No kidding. I found more than that: login details to people’s web hosting accounts and e-commerce site memberships as well. It was really freaky to think it was all just staring at me, thanks to a flukey Google search. [...] (Read on Source)

  4. on the web.  I make sure that I change passwords regularly, I have a couple of different user names, and I am conscious of who I share my details with. And the reason why I do this was reinforce by a post by Alister Cameron  last Saturday called“Did I uncover your credit card details on the web today!?”(now there’s a title to get anyone’s attention). Today I accidentally uncovered a huge list of people’s names, addresses and credit card details online. No kidding. I found more than that: login details to people’s web hosting accounts and

  5. credit card deals online! Compare credit cards for types of credit history. Read all the details and apply online. money Offering Free Credit Card Logos, Visa Logos, American Express Logos, Discover Logos and other Credit Card Logos For Your Website.moneyApply for a Discover Card credit card. Your choices of credit cards include Discover More Card, Open Road Card, Business Card, Student Card, Motiva Card or … money Credit Card Smarts fact sheets are in PDF format. To read PDF documents, you will

  6. Read the whole sorted affair onAlister Cameron’s Blog

  7. and information on what’s happening in each placeTwitter to dump updates for users to followSecurity woes. What’s the e-commerce of your site look like on the inside? Is it developed securely and has it been hacked?Lookat what Google uncovers from your personal information on the web today! Tangential stuff. A couple weeks ago our neighborhood hosted the annual Around The Coyote Festival during Chicago Artists Month

  8. Scary article about how Google affluent people can find your credit card and other personal information and use it for identity theft. Also has some tips on securing your passwords and other personal information. A Great read!Go to Full Article[IMG Reply to This Post] [IMG ] [IMG ] 0 Replies | 5 Views

  9. Bookmarks Server password management is obsolete – Fry-IT (Internet consultancy, web development, mobile services, managed hosting)Did I uncover your credit card details on the web today!?mudd up! » archive » DEFENDING THE PIG – OINK CROAKSColleen – Les Ondes SilencieusesThe Cinematic Orchestra – MotionGrown-up Fig Cookies Recipe – 101 CookbooksTigers & Strawberries » Food News Roundup: More On Picky Kids Around The World, Family

  10. read more

  11. You think you know what it means, but are you up-to-date on the latest tricks and techniques? Some of them are darned convincing. So use filters and software to help you too. For more information and to read more about his posting,please click here >>

  12. Scary article about how Google effluent people can find your credit card and other personal information and use it for identity theft. Also has some tips on securing your passwords and other personal information. A Great read!read more

  13. Toshiba says no to new Xbox 360 HD DVD rumour PS3 firmware update adds DualShock rumble Super Street Fighter II Turbo HD Remix Screenshots A Guide to Shelf Life Is the Treo 800w Coming Soon? Video Clip: Most unlikely Halo 3 deathDid I uncover your credit card details on the web today!?Looking for attractive people? Don’t go to… TiVo supercharges high-def DVRs with latest software upgrade Windows Vista Memory Tweak Guide One PersonÂ’s Trash Is Another PersonÂ’s Lost Masterpiece Most anticipated games of 2007

  14. Improving Photoshop performance © 2006 Crusher, Inc. Creating Liquid CSS Tabs for Menus 27 Very Strange & Funny Signs | Eight Solid How to: Proper Gmail IMAP for iPhone & Apple Mail 15 Great Decluttering TipsDid I uncover your credit card details on the web today!?

  15. Kyle Gardner sharedDid I uncover your credit card details on the web today!?on Google Reader

  16. The Web Entrepreneur’s Customer Service Toolbox: 100 Hacks and Resources – Inside CRM Google Docs Help Center – How can I use spreadsheets to answer some of my many questions about the world?Did I uncover your credit card details on the web today!?フォームのデザインいろいろ – DesignWalker WhatsNewInLeopard – ruby – Trac

  17. Great article on credit card and password security! This is a must read.http://www.alistercameron.com/2007/09/29/google-search-uncovers-credit-card-details/I just went to Google and did a check on some passwords and credit card numbers. Luckily nothing came up. It took me all of two minutes. I suggest you read the article and then go check out your information.

  18. Distractions If you aren’t writing Matchers, you aren’t using RSpec » Grinding RailsDid I uncover your credit card details on the web today!?Daring Fireball: On Joel on Software ★ Everything’s Coming Up Milhouse Rubyisms – MySQL-dump

  19. Great article on credit card and password security! This is a must read.http://www.alistercameron.com/2007/09/29/google-search-uncovers-credit-card-details/I just went to Google and did a check on some passwords and credit card numbers. Luckily nothing came up. It took me all of two minutes. I suggest you read the article and then go check out your information.

  20. neat little tip

  21. July 20, 2008 3:45 pm Dan Freakley Web Life Here’s the current most popular on Alister Cameron.com.Did I uncover your credit card details on the web today!?- 63,046 views The World’s Largest Treehouse for $7 million! – 29,050 views Australia’s next Prime Minister caught on camera eating ear wax – 25,925 views If you don’t have passion and purpose, greater productivity won’t help you! – 19,074 vi

  22. [...] a great post on basic personal web security from “blogologist” Alister Cameron. Cameron mentions that he recently found a text [...]

  23. [...] Alistair Cameron accidentally uncovers your credit info on the web. [...]

  24. [...] Alister Cameron stole your credit card numbers!. Then he goes through some pointers on how to keep yourself secure in the online world of interweb [...]

  25. [...] http://www.alistercameron.com/2007/09/2 … d-details/ David – PRR10 – Affordable SEO services | Internet Business Development | Custom Web site design | Learn SEO | SEO Blog Online   [...]

  26. [...] Google Search uncovers credit card details (10/24) [...]

  27. [...] October 24th, 2007 · No Comments Sa nu-ti vina sa crezi! Articol aici. [...]

  28. [...] Security Posted By: craigdorn  Published in Security, Shopping, credit cards 24Oct Alister Cameron has posted a great article on the perils of online transactions and other security [...]

  29. [...] Search uncovers credit card details http://www.alistercameron.com/2007/0…-card-details/ Last edited by shwetabh : Today at 01:46 [...]

  30. [...] Google Search uncovers credit card details [...]

  31. [...] 2003-2007 by Brent Zupp ThinkGeek :: USB Doomsday Device Hub Did I uncover your credit card details on the web today!? Preemptive Memorial Honors Future Victims Of Imminent Dam Disaster | The Onion – America The Onion [...]

  32. [...] Man Uncovers Credit Card Info Via Google OOPS: Google’s a great tool for findings all sorts of info on the Interwebs. One blogger even found out that you can search confidential information via the popular Web search engine, including credit card numbers and log-in info for various accounts. Apparently, identity thieves who goof and make the directories of their stolen files searchable can inadvertently have said info indexed by Google. The blogger said he accidentally stumbled upon this revelation thanks to a flukey Google search. To see if your confidential data has become Google-able, you can try searching for your credit card info or passwords on Google and see if they come up. Having your stuff not show up doesn’t necessarily mean your info hasn’t been stolen. But at least you know it hasn’t been uploaded to Google by an ID thief who has a brain fart.[Read more] [...]

  33. [...] Finally, do the right thing. If you find stuff that shouldn’t be there, tell the authorities. If you’re a Google Search Guru with all your advanced operator trickery, then it’s even more possible that you’ll come across stuff like I did… but I sure hope not. [...]

  34. [...] bom prevajal, ker je dosti robeSe pa splaèa prebrat. Did I uncover your credit card details on the web today!? [...]

  35. [...] seems suspicious you may well need to contact your bank and cancel the card. Read more about this here. Share [...]

  36. [...] The post in question was regarding Alister’s unintentional uncovering of a list of credit card numbers through Google. While I’m not terribly concerned about someone uncovering my credit card number (let’s face it, it’s hard to buy stuff on a card with no available credit), I did think about the advice he gave about searching Google for your own credit card number. [...]

  37. [...] [from coolkid] Did I uncover your credit card details on the web today!? [...]

  38. [...] users being displayed. This article tells how to check on your card numbers and protectyourselfhttp://www.alistercameron.com/2007/09/29/google-search-uncovers-credit-card-details/ A worm called Storm has been quietly spreading across the internet and has some people very [...]

  39. [...] The blogologist has unearthed all sorts of information on folks by simply entering a bit or information into  a search engine. Check it here: [...]

  40. [...] Interesting story about someone who happened to be happily googling about and ran across some lout’s hidden (albeit rather poorly) cache of stolen credit card numbers, along with other details: I found more than that: login details to people’s web hosting accounts and e-commerce site memberships as well. It was really freaky to think it was all just staring at me, thanks to a flukey Google search. Nothing more complicated than that. (And no, don’t email me for the search details!) For whatever reason, a hacker has broken into a number of sites and stored the resulting DB dumps into text files that Google came along and indexed, all because this guy’s site’s directories were set to display their contents when no default file is present. [...]

  41. [...] Today I stumbled across a blog post entitled, Did I uncover your credit card details on the web today!? [...]

  42. [...] Your credit cards information can be found on google search.  This article disclosed the details: var addthis_pub = [...]

  43. [...] Finally, do the right thing. If you find stuff that shouldn’t be there, tell the authorities. If you’re a Google Search Guru with all your advanced operator trickery, then it’s even more possible that you’ll come across stuff like I did… but I sure hope not. Technorati Tags: credit card fraud, identity theft, credit card theft, online fraud, identity fraud, phishing, online scams, hacking, google hacks, google hacking, alister cameron, exploits, vulnerabilities, internet security Share This   This entry was written by Alister Cameron and posted on 29 September 2007 at 5:47 pm and tagged: alister-cameron, credit card fraud, credit card theft, exploits, google hacking, google hacks, hacking, identity fraud, identity theft, internet security, online fraud, online scams, phishing, vulnerabilities. // Bookmark the permalink. Follow any comments here with the RSS feed for this post. // Post a comment or leave a trackback: Trackback URL. [...]

  44. [...] Did I uncover your credit card details on the web today!? Today I accidentally uncovered a huge list of people’s names, addresses and credit card details online. No kidding. Credit Cards I found more than that: login details to people’s web hosting accounts and e-commerce site memberships as well. It was really freaky to think it was all just staring at me, thanks to a flukey Google search. Nothing more complicated than that. (And no, don’t email me for the search details!) [...]

  45. [...] lives in Melbourne and describes himself as a passionate ”blogologist”. Cameron’s most popular post, about stumbling onto people’s unprotected credit card details during a Google search last year, [...]

  46. [...] lives in Melbourne and describes himself as a passionate ”blogologist”. Cameron’s most popular post, about stumbling onto people’s unprotected credit card details during a Google search last year, [...]

  47. [...] the reason why I do this was reinforce by a post by Alister Cameron last Saturday called “Did I uncover your credit card details on the web today!?” (now there’s a title to get anyone’s attention). Today I accidentally uncovered a huge [...]

  48. [...] lives in Melbourne and describes himself as a passionate ”blogologist”. Cameron’s most popular post, about stumbling onto people’s unprotected credit card details during a Google search last year, [...]

  49. [...] Did I uncover your credit card details on the web today!? SAVE [...]

  50. [...] Did I uncover your credit card info? This guy accidentally stumbled upon a database of stolen personal information and goes on to list some security measures. The password advice is really important. I’ve probably told this story before but it’s worth repeating.  A billion years ago I managed an online community (not MSNBC.com) and learned that the passwords people used to log into the message board are often the same they use for their e-mail, social groups, bank accounts, porn subscriptions, etc.  (I’m not sure what the legalities are about the way I learned this lesson so I’ll skip the details but suffice it to say that I was morally justified because of some threats made in the forum.) Anyway, the point is, your password may be visible to a variety of people who work behind the curtain on the sites you log into so it’s a good idea to keep a few different ones. [...]

Post a Comment

Your email is never published nor shared. Required fields are marked *
*
*

Current ye@r *

    • marketsamurai.com
    • splash.oiopublisher.com
    • madmimi.com
    • www.medialayer.net
    • Advertise Here

  • My Posts in Your In-box!

    Enter your email address here for instant updates in your inbox, whenever I post something new.
    Your email address is in safe hands. Relax!
© Copyright 2007 Alister Cameron. All Rights Reserved Theme // Sitemap // RSS