What Are Google Dorks? How Google Exposes Your Private Info — Updated

Update: July 25th, 2013 this article has been corrected to reflect Google is not at fault for Google Dorks. Update: January 15, 2014: This article is still very popular, so you should check out how Google is fighting back against Google Dorks UPDATE: I have written an article meant for webmasters, so they can protect users from this privacy breach.

Almost every website you visit has a private “virtual notebook”, also known as a database  stores everything you do on that website. If you give the site your credit card number or social security number, it is kept in their “virtual notebook”.  You leave the site, believing that no one except you can get your information. Unfortunately, the entire world can get any information you’ve entered on almost any website, if your site doesnt hide private information from Google Search. Google Search indexes everything that is made public including “virtual notebooks” and the  information stored within that notebook in their search results. If you’ve given a site your credit card number or social security number, then there is a very high chance that site isn’t secure and has that information open to the public then Google will automatically add the info to Google Search.

This information is very easy for anyone to find, especially for cyber-criminals because Google has made it so  anyone can do a Google search with the words filetype: and then the extension for “virtual notebooks”.

I contacted Google immediately when I discovered this problem believing that they would want to fix it. I was wrong. They were fully aware that people can find your info, but they feel that they can’t stop it, nor is it their job to “censor or curate” their results unless they are required to do so by law.

Update: July 25th, 2013 It is extremely hard to hide almost every security hole and if Google did, then your site wouldn’t be seen by as many people. It is the webmasters job to hide information they dont want the whole world to see, like Google said last year. Google said that it is the webmasters job to hide any information that shouldn’t be seen. I am not sure why Google believes they can’t hide your personal information from the world,  since their competitors Bing and Yahoo! are able too. Update: Bing and Yahoo and every single other search engine also show private information you should hide.

I  found it odd that anyone who uses  Google Blogspot or Google Sites will have their “virtual notebook” appear in  Google search results. Google is the Webmaster for those two sites, yet they aren’t hiding those “virtual notebooks” from their own search engine. I would like to note that as far as I can tell Facebook has hidden their  “virtual notebooks” from Google Search. You may read our technical article on how to hide your database, if you aren’t doing so already.

 A website Which is all about Google dorks has been keeping  track of Google indexing private information that sites don’t hide from their search engine since 2003. In 2003 they were adding some  passwords to the search engine. I am not legally allowed to link to the site  I am referring to, because the information on that site could help people commit cyber-crimes and break the Computer Fraud and Abuse Act of 1986.

At the beginning of the article I said I would let you read the entire reply from  Google, so here it is.

  If you would like to view the full sized email screenshot and download it click here

Email From Google About Personal Info Exploit

Official letter from Google saying that they will not stop their search engine from exposing info from databases.

Did you know Webmasters were violating your privacy? Do you think They should be held responsible for this? Let us know in the comments! LEGAL NOTICE: This information is published to educate the public about this security issue. You are prohibited to use this information to violate the Computer Fraud And Abuse Act of 1986. You are prohibited to use this information for anything that is illegal or violates any law, statute, act, etc. You will indemnify, defend and hold harmless, the author of this article, and Planet Zuda, LLC from and against any damages and costs, including attorney fees resulting from anyone misusing and or abusing the information in this article.

Planet Zuda, LLC is an internet security consulting company that provides companies large and small with their web application security.

Posted in product news Tagged with: ,
2 comments on “What Are Google Dorks? How Google Exposes Your Private Info — Updated
  1. Your embedded picture opens for me in an 404 error http://planetzuda.com/2012/06/29/google-exposes-all-your-e-data-from-non-google-websites/google-reply/

    • princezuda says:

      Andreas,
      I fixed the error that was preventing you from openin up the picture. What do you think of the article? —– Original Message —–
      From: Disqus
      To: princezuda@planetzuda.com
      Sent: Friday, June 29, 2012 11:37 PM
      Subject: [planetzuda] Re: What Is A Google Dork? How Google Exposes Your Private Info

1 Pings/Trackbacks for "What Are Google Dorks? How Google Exposes Your Private Info — Updated"

Enter your email address to subscribe to planetzuda.com and receive notifications of new articles by email.

terms of use | privacy policy