WARNING! Google Search Reveals Credit-Card Numbers

---snip

The search request was simple. Using a researcher's Visa debit card, we started with the first four numbers on the card and extended the span of possible number combinations. So we entered in the google.com search window: visa 4060000000000000..4060999999999999.


The result was a long list of Visa card numbers complete with name, address, phone number, expiration dates and a list of recent purchases. In less than two seconds, we found everything a cyber crook would need for one heck of a shopping spree or a fresh new identity.

---snip

http://news.yahoo.com/news?tmpl=story&u=/nf/20040916/tc_nf/26967

------------------

Apparently, some websites store credit card numbers in a way that shows up on search engines.

It might a good idea to Google your own credit card numbers to make sure they don't show up (mine didn't). If they do, requesting a new card might be a good idea

:beer:

but there are all kinds of clueless small businesses trying to make money on the internet.

I had some job responsibilities in telephone fraud a few years ago, and it's amazing what loopholes open up sometimes.

forum?
Someone in her state got a hold of voter registration sheets and sent in changes of address for them! How widespread could this be? Another reason to vote absentee, I think.

:hi:

you might as well post it online

you've just posted your card number to an unsecure form! (non-https) and advertisers on google.com get search terms in their statistics.

SCARY... Example

Google card query

and it does appear that there are some search results with name, VISA number, expiration date, and IP address. Censored example (original had full name and number):

VISA::Mary H********::4820XXXXXXXXXXXX::06-04::205.XXX.XXX.XXX]

On Edit: It looked like this site was storing new memberships for some local association, so the security probably wasn't that good. But what's even stranger is that the website used secure http (the URL started with "https").

of numbers so your individual number doesn't come up.

But even if it does, there wouldn't be any name or associated information with it. That's what makes me more concerned.

This whole thing is oozing of SCAM.

According to one hacker's site I visited. Also, the query doesn't work for me; even using my own cc#

To completely close the loophole, you would need to eliminate all the "number range" features on all the search engines -- otherwise, you could just go to Dogpile, Northern Lights, or some foreign search engine. The only other way would be to eliminate all the insecure storage of credit card numbers.

I'm wondering whether the hackers are only pretending to be stymied.

doesn't it end up in some cache somewhere?? isn't it dumb simply to type in any private# into google. Albeit checks need to be done to see if private numbers can be easily searched but this seems like a very dumb way to do it, in fact makes the problem worse.

although just having a credit card number without a name or expiration date is not as useful as having all the information.

A better way to check might be to use a number range. You can use the number range feature of Google, put your credit card number on both ends of the range, and change the last two digits to "00" and "99" respectively. That will cover a range of 100 possible card numbers.

3] Almost everybody has heard of this hack. Google spits out credit card numbers when you type visa+4356000000000000..4356999999999999 (this hack no longer works.)

http://pepechingon.com/

Like I said, I know nothing...


:-)

I smell an internet urban legend in the making.

I was able to get some names, numbers, and expiraiton dates this way, including the Mary H mentioned above who may not know her credit card is available on the net.

The article picked up by Yahoo came from a legitimate business periodical on Customer Service:

http://crm-daily.newsfactor.com/

some major credit card company computers early this year or sometime last year.

Wouldn't surprise me if a lot of this was available somewhere after the hackers were done with the info . . .

Small sites which use credit cards and don't take steps to make sure the data files are NOT available to web searches. The hits I got looked mostly rinky-dink.

The worst thing about this is that you don't even have to be a hacker, just someone capable of using Google.

That way, if this is any sort of scam at least they will be scamming a closed account that can't be used. I'll report back on my findings.

:shrug: Did not match any documents. No pages were found matching #####

Most card numbers are probably NOT able to be Googled.

Nevertheless, there seem to be many that are. Depends if you gave your number to an amateurish website that didn't secure it properly.

Just as described above.

Fascism: We Report You Decide
http://cronus.com/quiz

You might be a Republican if...
http://cronus.com/quiz

Commentary by a Republican...
http://cronus.com/republican

The REAL Republican Platform...
http://cronus.com/platform

Bush's Illustrated Resume
http://cronus.com/bushresume

Isn't That Strange?
http://cronus.com/oil

:)

to do in the header,,and some guys address and full credit card number, (among many others) showed up where he bought a machine gun
for $18,000.

I'm not kidding.

whewww

This is scary.

But it certainly didn't have all cc numbers.

How would I find out directly if mine is on?

Use first four # and last four #

and making the last two "00" to 99". That way, your number is hidden in a range including 99 other cards.

you put in MC or mastercard

The sites that I saw probably didn't discriminate. They had card numbers, names, expiration dates, along with a ton of irrelevant stuff. Most card numbers are not on the web, but some are.

how to put in M/C

is it Mastercard or
M/C or

MC

darn it. someone paid me a loan by sending it to my credit cards and
put it on line. damm

the only purpose is to avoid extraneous hits like the 1 million digits of pi or long encryption strings. Maybe there's another term that would show sometimes for these sites.

purchases with a pre paid Master Card. If the number gets intercepted or stolen from a site I won't lose more then what is currently on it. Never more then $500 on it.

i find this very unsettling