RSS Alerts

Related Stories

  • Twitter accounts being hacked by cybecriminals looking for value
    Internet user accounts and passwords – known as credentials in security circles – are rising in value and, say some reports, the credentials on Twitter, the social networking portal, can be worth up to $1000.
  • HMRC phishing attacks offer cash rebate as lure
    Yesterday was the last day in which UK taxpayers could file their 2008/2009 tax returns online – without getting fined for being late – and HMRC reports that tens of thousands of fraudulent phishing emails were sent out last week.
  • Industry-wide web email attacks spreading
    Reports are coming in of web-based email services from the likes of Gmail, Hotmail and Yahoo being hacked, and large numbers of user account details being posted to the internet.
  • Symantec admits card data probably leaked from India
    In a response to a BBC investigation into the leaking of payment card data from Indian call centres, Symantec's Indian operation has admitted that card data on three of its customers may have been leaked from its call centre contractor in India.
  • US standards drive Canadian information security
    An absence of legislation and the presence of the laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Robin Arnfield looks at how US standards are driving the Canadian information security marketplace

News

Google indexes details on thousands of credit and debit cardholders

29 May 2009

Police in Victoria, Australia are investigating a potentially major security incident in which the stolen personal details of thousands of credit and debit card holders from Australia, Germany and the UK were posted to a blogging site and auto-indexed into the Google search engine.

According to the Australian newspaper, the card details may have originated from a card data skimming operation involving a holiday company, although the data's precise origin is unknown.

What is known, however, is that data files containing the skimmed payment card data were posted on a blog site, and then indexed in Google's search engine in late April.

This means that anyone keyword searching for card data using advanced Google search engine syntax would obtain access to the data, which is essentially a large identify theft starter kit, Infosecurity notes.

Data found in Google's search engine reportedly included card numbers of Amex, Visa and Mastercard accounts, together with their expiry dates, cardholder names, addresses, phone numbers and email addresses.

Australian police are quoted as saying the data probably originated from the skimming of card terminals and ATMs.

It remains unclear what the motive of the blogger, who has not been traced, was in posting the data.

Police say that have closed down the blogging pages with the data and are now working with Google to remove the data from its index caches.

 

 

This article is featured in:
Data Loss

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water