Customer databases that include credit card numbers can be found by searching on Google.
According to research by internet hosting firm UKFast, consumer credit card details are still openly available via a search, with one database found to contain the details of almost 4,000 customers of an events company – including names, emails, full postal addresses, account usernames and passwords.
Lawrence Jones, CEO of UKFast, said: “Twelve months ago we revealed that with a simple Google search, anyone could find databases filled with sensitive personal data from both customers and suppliers – including full credit card information.
“A year later we find ourselves in the situation where this information is still readily available. The value of these databases has hugely increased now thanks to the reams of information we place on social media. Cyber criminals can not only sell credit card details but whole identities, as openly as you would sell a pair of shoes.”
The company said that many businesses are oblivious to the fact that storing card and personal details live on a web server leaves them searchable by Google.
Neil Lathwood, IT director at UKFast, said: “Google is extremely good at indexing, so any indexable backup files stored on the server may not be linked to from the website but can still be found through Google. This means that anyone, even without advanced technical skills, is able to find it.
“The key is not to have your backup files stored unencrypted and live on the server – this is the most common security failure that I see, and to be honest, it is just lazy.”