Finjan recently reported (MPOM report) on a Crimeserver hosting 1.4G of unprotected stolen data, including passwords, medical data, emails etc. A few days ago they found yet another.
To demonstrate how easy it is to access the data and how vulnerable the data are once stored on an unprotected Crimeserver, the following examples should raise some eyebrows.
As Finjan disclosed in their Q3/2006 Trend report, malicious code is hosted on caching servers of leading Search Engine Providers. This time they reported in their recent MPOM that stolen end-user data is also stored on these caching servers. Yes, your passwords, Social Security numbers, Online banking information… no data is safe, as the image below illustrates.
So if you are looking for some stolen login credentials… Google it!
Finjan claims they share their experience and findings to increase public awareness of the growing cybercrime problem.
Finally, please don’t blame Google – they just indexed the unprotected Log files found on the Crimeserver as they do with any other public file their crawlers find on the Web. Scary isn’t it?