Lost in the clouds: Your private data has been indexed by Google

Personal and sensitive information discovered with a few simple searches

data cloud

Our lives are digital now.

Everything we do online leaves a trail that leads directly to us; something privacy advocates are fighting to eliminate. However, we're our own worst enemy when it comes to privacy, and personal cloud adoption has done nothing to help the situation.

Each day millions of people across the globe create backups of their files. These backups are supposed to offer a measure of assurance that their files are safe and easily recovered if needed. But that's not entirely true.

In fact, depending on how you've configured the device, your backups are freely available online to anyone who knows what they're looking for.

Note: The term personal cloud might seem a bit confusing. For context, as it relates to this post, a personal cloud is what you have after you've stored files online or a device in your home that you can access via the Internet. The concept is one that would allow you to access your files from anywhere, at any time, on any Web-enabled device.

For consumers, the lure is the promise of instant availability. Do you want to share files with others living in your home? There are devices that offer such a function. Perhaps you want to access files stored at home while you're away on business or on vacation. If so, plenty of software or hardware-based solutions offer this feature.

But when you trade security for access, things can go horribly wrong rather quickly.

Think about it. If everything you've ever saved to an external hard drive suddenly appeared on Google, what sort of things could a person learn about you? What could they learn about the businesses or people connected to you?

Using a few simple Google searches, XSS discovered thousands of personal records and documents online.

The items discovered were deeply personal in some cases. There were business documents too; sensitive files that could cause regulatory problems, as well as files a competitor could use to gain an advantage. This is in addition to the files owned by government agencies and school corporations.

The files were exposed because someone used a misconfigured device acting as a personal cloud, or FTP (File Transfer Protocol) was enabled on their router. If FTP was enabled, the likely cause is accidental. Yet, there were cases where the setting was enabled intentionally, but the impact of such an action wasn't fully understood.

No matter the root case, the result is the same.

The devices in question are acting as FTP servers, using the person's IP or hostname as an address. The backups are fully indexed and require no authorization to access. Because of this, search engines have treated the external drives as public archives.

Unfortunately for some people, there were enough records indexed by Google to relive their entire life. All of their wins, losses, and personal struggles over the last decade were unknowingly archived for the world to view.

Next: What did we find?

1 2 3 Page 1
Page 1 of 3
FREE Download: Get the Spring 2019 digital issue of CSO magazine today!