William Reardon’s Blog

This advice is so spectacularly bad, I have to wonder if it really did come from Google:

“ Minor Google Security Lapse Obscures Ongoing Online Data Risk“

Google also encourages users to use its search engine as a free credit card and Social Security number monitoring service for Web-based content. “We also suggest that individuals create Google Alerts for their credit card and Social Security numbers,” the company recommends. “You can be notified once a day or once a week if a new result appears on Google for this query.”

Uhh, doesn’t Google Alerts submit data in clear text? As well as display it back, including the suggested credit card number, in clear text? Yes, yes it does. Check it yourself.

It’s a bad idea to submit private information such as credit card numbers, social security, etc. over the Internet, unless it’s a secure connection (e.g., when you see https and not http). Which, as of now, Google Alerts doesn’t even allow.

Making things worse, there’s an email confirmation off your alert. That in of itself is a Good Thing and prevents someone else for creating alerts for me. But if I enter my credit card, I now get a clear text email of my credit card number. Never, never, never email credit card numbers around. And if you get one with your’s it, play it safe, cancel the card, and send a very, very nastygram to the merchant.

Update: Turns out it is from Google: “We also suggest that individuals create Google Alerts for their credit card and social security numbers.”

This entry was posted on Wednesday, January 24th, 2007 at 12:58 am and is filed under nerd-ness. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.