Slashdot Mirror

← Back to Stories (view on slashdot.org)

Has Google Indexed Your Backup Drive?

Posted by samzenpus on from the it's-out-there dept.

itwbennett writes Depending on how you've configured the device, your backup drive may have been indexed by Google, making some seriously personal information freely available online to anyone who knows what they're looking for. Using a few simple Google searches, CSO's Steve Ragan discovered thousands of personal records and documents online, including sales receipts with credit card information and tax documents with social security numbers. In all cases, the files were exposed because someone used a misconfigured device acting as a personal cloud, or FTP (File Transfer Protocol) was enabled on their router.

6 of 121 comments (clear)

  1. Clickbait-ish Headline by Midnight_Falcon · · Score: 5, Insightful
    When I read this, I immediately thought "Has Google Indexed the Contents of your Google Drive?", in the context of those automatic backups you might have enabled for photos, etc on your Android device. In fact, you're only at risk here if you have configured some type of FTP server or WebDAV (like a QNAP, etc) to have a public IP and have no security whatsoever. So that means having enough technical prowess to accomplish that much, only to leave all your stuff open on the internet for "ease"?!?

    I think much of Slashdot might agree with me that if you're silly enough to deploy a public-facing server with no or default authentication, yeah, you'll probably deserved get indexed by Google.

    1. Re:Clickbait-ish Headline by snowgirl · · Score: 5, Insightful

      yeah, you'll probably deserved get indexed by Google.

      deservedly*

      But not only that, it's not like Google can infer intent to share the data... you put it out there, and Google said, "hey, this is publically available, obviously people want this to be indexed!"

      There's no adequate way to fix this either, because if it's opt-in, then unknowing individuals will fail to opt-in for indexing... if it's opt-out, then unknowing individuals will fail to properly opt-out (robots.txt for example)

      If you put up private data publically on the internet then you simply have to accept the fact that no one else could have known that you didn't want to share the data...

      --
      WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
  2. I'm a little baffled by squiggleslash · · Score: 5, Interesting

    So there are lots of people out there who are:

    1. Enabling FTP on their NAS boxes.
    2. Enabling anonymous access on this FTP service
    3. Allowing their Firewall/Router to let incoming FTP connections directly to the NAS box.

    I mean, the authors suggest those enabling FTP do not realize the implications, but how can you do ALL THREE and not realize the implications? Any one of those, particularly disabling anonymous access, would foil random search engines (and lazy hackers) trying to get at your files. But to do all three at once?

    --
    You are not alone. This is not normal. None of this is normal.
    1. Re:I'm a little baffled by Dutch+Gun · · Score: 5, Insightful

      I own a Synology NAS, and it comes with all sorts of nifty software that lets it do general server-like things. You can view photos or watch movies from anywhere on the internet. You can set up Wikis, serve webpages, and do all sorts of other stuff.

      I partake in none of this. I use it as a file system, a data backup, and for streaming media to my videogame consoles, and absolutely nothing else. Frankly, opening up your NAS to the internet in any capacity is insane. It's where the phrase "A little knowledge is a dangerous thing" is never more appropriate. Even if you set up everything correctly, you're only a single security flaw away from the entire box being compromised. Most people see all these cool features and are encouraged to experiment with them a bit. No one ever tells them "Hey, if you screw this up, you could accidentally leak all your personal information to bad guys on the Internet."

      It's funny, because you're seeing the same sort of learning process that the professional programmers and IT people have already gone through (or are STILL going through in the worst examples). People first think of cool things they can do with the internet, and then security-related thoughts come only after a disaster strikes. I'm not sure if there's really a fix for this. People will make silly mistakes and get burned, unfortunately. And then they'll know better. Life goes on.

      --
      Irony: Agile development has too much intertia to be abandoned now.
  3. Re:The web crawler would only index it if... by Anonymous Coward · · Score: 5, Informative

    robots.txt has nothing to do with security or blocking.

  4. Re:The web crawler would only index it if... by Mashiki · · Score: 5, Insightful

    If this is what amounts to network security these days, we're doomed.

    --
    Om, nomnomnom...