22 May 2013

Reporters Flagged as Hackers after Getting Customer Data via Google Search

When it comes to hacking, search engines turn out to be the tools that get your work half done, or so is the case with a team of reporters from Scripps News who stumbled on a huge pool of customer data via Google Search.

According to a report on Ars, telecom operators called the reporters “hackers” after they found personal information such as social security numbers, financial reports, birth date and home address of Lifeline applicants, a federal program that subsidizes phone service for the less fortunate.

The program inadvertently exposed more than 170,000 records of its subscribers who signed up with TerraCom Inc. and its affiliate, YourTel America. The entire database was publicly available and was subsequently indexed by Google.

On April 26, Scripps News found the private information through a mundane Google search and warned the affected operators about the breach. While the records were rapidly taken offline, the companies also lashed at the reporters calling them “hackers.” The two telecom operators stated that the reporters used “automated” methods to access the data on the servers, such as WGet – a free tool used to download files from the Internet.

“This is a very serious matter and we are actively investigating the full extent of any security breach,” said TerraCom lawyer Jonathan Lee. He also mentioned that “civil litigation is highly likely,” even if the reporters accessed these records without circumventing any security mechanism.