Google Has Been Indexing Network-Connected Backup Drives

Google Has Been Indexing Network-Connected Backup Drives

Connecting a hard drive to your home network is a smart idea: it can let you access your files no matter where you are. But now it seems that, in some cases, Google has been indexing the private files held on such devices.

An investigation by CSO reveals that some mis-configured personal cloud devices and external hard disks connected to routers with FTP enabled have been indexed by Google. That means that personal files have been treated as public archives, which can be found via Google searches. CSO explains that it’s identified a slew of files found in this way, including:

passwords, private photos (SFW / NSFW), personal journals and diaries, family genealogy documents, email correspondence, general household documentation and records, passports, state IDs, tax records, financial statements, credit card statements and account details, mortgage documents, banking statements and account details, birth records, death records, research and development planning, sales planning, customer lists, prospect lists, and more.

Gulp. It goes on to explain a case study, in which it found the back-ups of a family’s computer stretching all the way back to 2009 via Google. In that case, their data had been archived on a Western Digital hard drive that was connected to a Linksys WRT1900AC router, which had FTP enabled. Indexed by Google, the family report they suffered a spate of compromised credit and debit cards as a result.

CSO points out that users with Seagate Personal Cloud, Seagate Business NAS, Western Digital My Cloud and LaCie CloudBox hardware have in particular been affected. If you’re worried that you might be in a similar situation, CSO has a very thorough guide explaining how you can go about checking whether any of your files have been indexed. If they have, you’ll then need to get in touch with Google to have them removed — and change some settings on your hardware, too.

Of course, it’s not really Google’s fault: it simply crawls the web looking for data. Rather, its sloppy default settings on network equipment or ill-considered choices by users that have allowed this to happen. Either way, it pays to check if you’ve been using a network connected hard drive. [CSO]

Picture: Michael Hession