Protect Insider Data By Googling First, Often

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/insider-threat/167801100/security/security-management/232301074/protect-insider-data-by-googling-first-often.html

By Robert Lemos
Contributing Editor
Dark Reading
Dec 27, 2011

In June, a security researcher searching for passwords files on the 
Internet stuck gold: A database file of 300,000 users of Groupon 
subsidiary Sosasta had inadvertently been placed on a publicly 
accessible online server. The company quickly took it down after being 
notified, but the damage was done.

Google hacking, where an attacker searches for common vulnerabilities or 
sensitive data, can be an extremely efficient way to find accidentally 
leaked insider data. Millions of records are available to anyone with 
the ability to create specific searches on Google and Bing and the time 
to cull the results for interesting data, according to Francis Brown, a 
managing partner at security consultancy Stach & Liu.

The incident involving Sosasta's data is not uncommon. In August, both 
Yale University and Purdue University notified students, faculty, and 
staff that a total of about 50,000 records, including Social Security 
numbers, had been exposed to the Internet because specific files had 
been publicly accessible.

"There are a number of instances where people, by accident, have found 
huge data exposures," Brown says.

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn