Lost in the clouds: Your private data has been indexed by Google

Personal and sensitive information discovered with a few simple searches

1 2 3 Page 3
Page 3 of 3

How were the files discovered?

They were found on Google, using standard search operators.

allinurl:ftp:// XXXX filetype:txt | xls | doc | docx | jpg | jpeg | pdf

You can replace XXXX to match any host name you choose, such as:

  • comcast.net
  • bhn.net
  • mchsi.com
  • optonline.net
  • cox.net
  • rr.com
  • verizon.net

The search tells Google to only show FTP results, where the URL contains an address from XXXX. The other search operators tell Google to look for FTP addresses that have text files, PDFs, Word documents, Excel documents, or images indexed.

Anyone with FTP enabled on their router and a storage device connected to the network; or those who use devices that offer public cloud access, but didn't configure them correctly, will appear in the search results.

How do I know if my files are online?

Search for your host name. If you're not sure what your hostname is, you can find it here.

Once you know the hostname, open a browser and point it to:

ftp://[hostname]

Example: ftp://xx-xx-xx-xxx.res.bhn.net

You can also search for it on Google or other engines: "xx-xx-xx-xxx.res.bhn.net"

I've found files? How do I get them offline?

You can ask Google and the other search engines to remove them.

Google's removal tool is here. The removal tool used by Bing, which is also where Yahoo gets their results, can be found here. You'll need the exact URL of the listing. You can try a generic top-level listing, but you may have to list each URL separately.

For example:

This might work: ftp://xx-xx-xx-xxx.res.bhn.net

But you should be ready to request all of the following:

ftp://xx-xx-xx-xxx.res.bhn.net

ftp://xx-xx-xx-xxx.res.bhn.net/folder/file1

ftp://xx-xx-xx-xxx.res.bhn.net/folder2/file2

Remember, removing the indexed files form the search engine does not fully fix the problem. You'll need to ensure you're using your personal cloud device correctly, or ensure your router is configured properly.

How do I make sure my router is configured correctly?

If you've discovered your files online, and you don't have any sort of personal cloud device, then it's likely your backup drive is connected directly to the router with FTP enabled. You'll have to contact your ISP for assistance.

If you are using a router not provided by your ISP, you'll need to make sure that remote management is properly implemented and that FTP access is completely disabled. The router's manual can explain it, and again, the support department can help you.

How do I make sure my personal cloud is configured properly?

While researching this story, one of the following personal cloud devices were being used by someone who had their files indexed:

  • Seagate Personal Cloud
  • Seagate Business NAS
  • Western Digital My Cloud
  • LaCie CloudBox

In each case, the user manual explains how to configure the device properly, as well as how to implement remote access securely. You should contact the respective company's support department for additional help.

Making the trade

Instant access is something everyone wants. The trick is to remember the trade-off; more access often equals less security. To put it another way, when it comes to personal clouds and data access, choose two of the following:

Unlimited access to data; easy access to data; security.

1 2 3 Page 3
Page 3 of 3
NEW! Download the Fall 2018 issue of Security Smart