The article states the exact search that reveals credit card numbers and complete matching user information. It appears that Google has contacted the top results because those pages have been taken offline. However you can still click on the Google's cached version. This issue has been around for a long time and will always be around as long as there are stupid people managing databases with personal information. Another common problem is college databases with social security numbers that are accessible via the web.
If you are worried about your information, DO NOT search for your credit card number. This will only expose your credit card number to more unsecure databases.
Msg#: 25789 posted 10:58 am on Sep 18, 2004 (gmt 0)
I still can't believe that people are submitting their credit card details without checking for the secure logo in their browser. They just assume that it is safe.
Even more astounding is that I receive two or three emails a month from people detailing their credit card information in emails! And they're not even supposed to be coming to me, they are trying to email their bank and my web address is similar. Sometimes I wish I was more dishonest, I could retire earlier ....
If you're an online merchant, unless you have a subscription-based service there is no manditory reason to actually keep full credit card information for purchases - just keep the first and last 4 digits so you can resolve chargebacks etc (or keep a hash of the full CC number if you want to get fancy). You'll never have to worry about your customers being compromised by a mishap or a hacker.
It means that users will have to retype their CC info to make another purchase, but if they are wanting to buy something (and have made a purchase before) its not a huge barrier.
I heard that now google can be indexed SSL (https). You can check it out from searching this inurl:https directory in google. You will see the first listing is Secure URL. If that, what going on with Secure page?