Googleing yourself. There’s almost a naughty sound to that isn’t there? For those who don’t know, Googleing yourself is simply the art of searching for your name. There is no doubt that any person active online should practice this with some regularity. Googleing yourself is a common tool for those who are trying to manage their personal image. Most employers will Google their prospective employees. Googleing yourself lets you see what they see and gives you a chance to manage that image better. If you’re using Google+ or Twitter then seeing where your posts are spreading online is a good way to see who’s interested in you as well. It’s also a great preventative activity against identity theft.
Not familiar with Googleing yourself? Well before we get into the anecdote (it’ll make you WANT to Google yourself after) let’s look at the quickest and best way to see what your online persona is doing. There are dozens of people search engines out there, but Google remains one of the most simple and comprehensive tool out there. That said, when you review your results, keep in mind who is the real you and who isn’t. 1) Start by Googleling your name in quotations, like “Firstname Lastname”. This is a good general search that will show the public information most likely attributed to you. 2) Search any unique usernames or abbreviations of your name you’ve used ie: Twitter handle, forum username. 3) Finally, search your most commonly used email addresses in full. Be sure to type “[email protected]” – you probably won’t get any results. If you do, pay close attention to these. This is where identity theft will come into play.
The email address search is where the story gets interesting. Recently after a routine Googling of myself (I have a lot of twitter and website posts generating a lot of results) I moved on to my personal email address. Usually the results are simple, there are none. In this occasion there were several hits, most to my old website. Ooops! You’re email should never be in plain text on a public website like that unless you really, REALLY like getting spam. But then an entry caught my eye. I recognized it quickly as an SQL dumb file; a plain text backup of a database. My email was in there. Quickly clicking on the link and perfoming a document search not only revealed my email, but my full contact information along with thousands of others! All in plain text, freely available for anybody to search. What’s worse, it’s in a database friendly format; anybody who wants to import and manipulate the data can with a few mouse clicks.
The things someone who knows what to do with SQL can do with this is endless. Even passwords are in this database.
How did my information get here? And where is here that my information is sitting? Once you’ve discovered information these are the questions you need to ask. My familiarity with all things technical quickly found that I was on some person’s on-line storage page. Judging by the content they did contract work for promotions for some VERY big clients. None of the content was protected. This person had made database backups of a contest entrant database into this directory, along with the full contents of the companies contest page. Not only was mine and several other thousand entrant’s information there, it was there in multiple copies.
The company in question obviously didn’t do this intentionally. Judging by the fact that this site is freely posted, this isn’t a hacker’s dumping ground either. But, it is a hacker’s/spammers paradise. I’ve reached out to the company in question via Twitter, but they have not been responsive. This is kinda a big deal.