Companies and individuals need to be more aware of their true security exposure while using the Internet for work and socializing, say Francis Brown and Robert Ragan, co-managing partners at Stach & Liu, the Phoenix-based security consultancy that developed the tool.
Wide use of NotInMyBackyard could also help motivate providers of the Web’s most popular services to pay closer attention to the mountains of consumer data they are collecting and storing online, Brown says. “Hopefully, these tools will shine a spotlight and put pressure on these companies to stop playing fast and loose with individuals’ personal information,” Brown says.
Anyone can type an e-mail address, financial account login, Social Security number or any other sensitive data into NotInMyBackyard. A few minutes later, the tool will divulge whether someone has stored that piece of information on a social network, online storage service, or in a college, hospital or local agency database that has been hacked.
You will have to use your own initiative to get the organization storing the data to remove it from the Internet. It might be a hassle, but you should sleep better.
“Placing these capabilities in the hands of consumers will mean sensitive information left unprotected online should be more easily located — hopefully in advance of identity fraud,” says Bryan Sartin, director of Verizon Enterprise Solutions, which investigates corporate data breaches.
Criminals have long been using these same techniques by using search engines, particularly No. 1 Google, to find and steal sensitive data. This information flows into the cyberunderground where it fuels identity theft, online scams and cyberespionage.
Google spokesman Jason Freidenfelds says Google sponsors numerous security initiatives and maintains a team of engineers and product managers focused on security. “We do a lot to protect our users, on Google and across the Web,” he says.