Slashdot Mirror
Google Antiphishing Site Exposed Private User Data
Juha-Matti Laurio writes "Google has removed a few user names and passwords posted inadvertently to a phishing blacklist it compiles and makes publicly available on the Web. This information was submitted to Google by Firefox users with the browser's internal antiphishing toolbar. This feature, developed in cooperation with Google, enables users to report potential phishing sites to Google's blacklist database. Google has reportedly implemented a new mechanism detecting login data in submitted URLs to prevent sensitive information from getting posted to the list." The article notes that news of this minor lapse may obscure the ongoing problem of sensitive data exposed on the Web and findable via Google and other search services.
"Google also encourages users to use its search engine as a free credit card and Social Security number monitoring service for Web-based content. "We also suggest that individuals create Google Alerts for their credit card and Social Security numbers," the company recommends. "You can be notified once a day or once a week if a new result appears on Google for this query."
As if google doesn't know enough about us, whats next, check google to see if someone is eating the same meal as you for breakfast?
"This information was submitted to Google by Firefox users with the browser's internal antiphishing toolbar." So, the antiphishing toolbar is submitting full URL's without stripping them of uids/pwds/hashes. Sounds like both FF and Google are to blame for this one.