BreachExchange mailing list archives
35m Google Profiles dumped into private database
From: security curmudgeon <jericho () attrition org>
Date: Wed, 25 May 2011 19:41:02 -0500 (CDT)
http://www.theregister.co.uk/2011/05/25/google_profiles_database_dump/

35m Google Profiles dumped into private database
Easy as pie

By Dan Goodin in San Francisco
Posted in ID, 25th May 2011 23:33 GMT

Proving that information posted online is indelible and trivial to mine, an academic researcher has dumped names, email addresses and biographical information made available in 35 million Google Profiles into a massive database that took just one month to assemble.

University of Amsterdam Ph.D. student Matthijs R. Koot said he compiled the database as an experiment to see how easy it would be for private detectives, spear phishers and others to mine the vast amount of personal information stored in Google Profiles. The verdict: It wasn't hard at all.

Unlike Facebook policies that strictly forbid the practice, the permissions file for the Google Profiles URL makes no prohibitions against indexing the list. What's more, Google engineers didn't impose any technical limitations in accessing the data, which is made available in an extensible markup language file called profiles-sitemap.xml.

The code he used for the data-mining proof of concept is available here.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list