Slashdot Mirror


Has Google Indexed Your Backup Drive?

itwbennett writes Depending on how you've configured the device, your backup drive may have been indexed by Google, making some seriously personal information freely available online to anyone who knows what they're looking for. Using a few simple Google searches, CSO's Steve Ragan discovered thousands of personal records and documents online, including sales receipts with credit card information and tax documents with social security numbers. In all cases, the files were exposed because someone used a misconfigured device acting as a personal cloud, or FTP (File Transfer Protocol) was enabled on their router.

5 of 121 comments (clear)

  1. Clickbait-ish Headline by Midnight_Falcon · · Score: 5, Insightful
    When I read this, I immediately thought "Has Google Indexed the Contents of your Google Drive?", in the context of those automatic backups you might have enabled for photos, etc on your Android device. In fact, you're only at risk here if you have configured some type of FTP server or WebDAV (like a QNAP, etc) to have a public IP and have no security whatsoever. So that means having enough technical prowess to accomplish that much, only to leave all your stuff open on the internet for "ease"?!?

    I think much of Slashdot might agree with me that if you're silly enough to deploy a public-facing server with no or default authentication, yeah, you'll probably deserved get indexed by Google.

    1. Re:Clickbait-ish Headline by snowgirl · · Score: 5, Insightful

      yeah, you'll probably deserved get indexed by Google.

      deservedly*

      But not only that, it's not like Google can infer intent to share the data... you put it out there, and Google said, "hey, this is publically available, obviously people want this to be indexed!"

      There's no adequate way to fix this either, because if it's opt-in, then unknowing individuals will fail to opt-in for indexing... if it's opt-out, then unknowing individuals will fail to properly opt-out (robots.txt for example)

      If you put up private data publically on the internet then you simply have to accept the fact that no one else could have known that you didn't want to share the data...

      --
      WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
  2. Re:I'm a little baffled by Dutch+Gun · · Score: 5, Insightful

    I own a Synology NAS, and it comes with all sorts of nifty software that lets it do general server-like things. You can view photos or watch movies from anywhere on the internet. You can set up Wikis, serve webpages, and do all sorts of other stuff.

    I partake in none of this. I use it as a file system, a data backup, and for streaming media to my videogame consoles, and absolutely nothing else. Frankly, opening up your NAS to the internet in any capacity is insane. It's where the phrase "A little knowledge is a dangerous thing" is never more appropriate. Even if you set up everything correctly, you're only a single security flaw away from the entire box being compromised. Most people see all these cool features and are encouraged to experiment with them a bit. No one ever tells them "Hey, if you screw this up, you could accidentally leak all your personal information to bad guys on the Internet."

    It's funny, because you're seeing the same sort of learning process that the professional programmers and IT people have already gone through (or are STILL going through in the worst examples). People first think of cool things they can do with the internet, and then security-related thoughts come only after a disaster strikes. I'm not sure if there's really a fix for this. People will make silly mistakes and get burned, unfortunately. And then they'll know better. Life goes on.

    --
    Irony: Agile development has too much intertia to be abandoned now.
  3. Re:The web crawler would only index it if... by Mashiki · · Score: 5, Insightful

    If this is what amounts to network security these days, we're doomed.

    --
    Om, nomnomnom...
  4. Re:The web crawler would only index it if... by shortscruffydave · · Score: 2, Insightful

    And if you have a web interface on your WAN port then you're most likely doing things very wrong to begin with. If you want a publicly reachable interface into your LAN, don't fucking use your piece of shit router to do it. It's probably chock full of exploits anyhow, but that's a pretty moot point if you've left it wide fucking open for any random script to stumble across and access.

    Hint: If you want people to take notice of advice about IT security, it may be more effective to speak respectfully than to let loose with an expletive-filled tirade