|
|
|
|
|
|
27.07.11
|
Searchable Secrets
|
|
|
By Tai Adelaja
|
Russian online shoppers were given new cause for alarm this week, as fresh reports of privacy breaches by popular search engines revealed their vulnerability to identity theft. Informzaschita, a Moscow-based information security services provider, said on Monday that by using Yandex, the Russian equivalent of Google, it was able to access potentially compromising information about Russian online shoppers. Personal data retrieved by the firm using simple search terms included details of buyers’ orders, as well as their names and E-mail and home addresses, the company said in a presentation sent to reporters on Monday.
The revelation comes hard on the heels of reports of a mass leakage of text messages at MegaFon, Russia’s number two cell phone operator, last week. MegaFon, which has 57 million customers across Russia, initially blamed Yandex, where the 8,000 messages popped up, saying the search engine’s browser toolbar might have caused the leak, RIA Novosti reported. The company later retracted its statement, saying the leakage occurred due to a technical glitch with its own site’s external administrator. Though Yandex removed the items from its search index hours after the mass leak, the incident was serious enough to attract threats of legal action from Russia’s federal media regulator, as well as prosecutors.
Russia's leading Internet expert Anton Nosik said in a blog posting last week that a similar problem struck the EMS Russian Post delivery service, whose data on parcel tracking, including the names and addresses of senders and shipment costs, could be fished out from the Yandex cache. Over the past ten days, four major leaks have occurred through search engines on RuNet, as the Russian Internet is known, RIA Novosti reported on Wednesday. In addition to MegaFon and shopping Web sites' leaks, information about buyers of electronic tickets, complete with dates, flight numbers and passenger names, appeared online on July 26, the agency reported. Fresh reports coming in on Wednesday suggest that confidential information from key Russian ministries has also been exposed on the Web through search engines, according to RIA Novosti.
The fresh reports that the personal data of online buyers is easily retrievable through search engines appear to be raising more serious concerns among Russian security experts. Informzaschita analysts said they retrieved the data from a pool of information indexed and cached by Yandex by simply using customized search requests. However, similar search requests made by Vedomosti business daily on Google, Bing and Mail.ru have all turned up the same customers’ data, the newspaper reported. Such findings could further spook already overcautious Russian shoppers, who may now find it difficult to enjoy a peace of mind when searching around for the best deals on the Web, experts say.
The latest problems, experts say, emanate from how Web site administrators configure their shopping sites to protect sensitive Internet files from being indexed by search engines. Yandex, the company at the center of the controversy, issued a special statement on Monday, urging Web site administrators to take measures to prevent unauthorized snooping by search engines. Yandex spokesman Ochir Mandzhikov said this involves carefully setting up their robots.txt, a special file that tells search engines about the pages that should not be crawled and indexed. The leaks, he said, were not due to faulty search algorithms, but to loopholes in Web site design. “We recommend that Web site administrators should carefully configure and examine information contained in the robots.txt file,” Mandzhikov said.
Russian online shoppers spent close to $20 billion last year to pay for items such as plane and train tickets, mobile services and electronic devices, according to a study by Google Russia and Citibank released in November. The authors of the study predicted that spending by online shoppers could reach 800 billion rubles ($27 billion) in 2012, as online marketing gains a stronger foothold in the country, becoming the most popular, effective and inexpensive way to reach buyers. About 65 million Russians currently use the Internet, and almost all of them, the study says, browse the network in search of products and services.
Still, the fallout from the present security leak may well be that ever more of Russia’s online shoppers will be more reluctant than ever before to use electronic cards for online transactions, experts say. While Russians rarely use electronic cards at retail outlets, recent changes in E-commerce regulations have emboldened more Russian buyers to use credit cards for online purchases, according to Glenbrook, a payment strategy consulting firm. Many Russian online sites have been actively pushing deals, especially since the government approved a National Payment System bill in November, giving the country’s E-commerce a boost. However, with tales of identity theft and fraudulent transactions widely publicized, many Russians still believe that providing credit-card or bank account details to a virtual store could seriously compromise their personal security. Glenbrook says the use of electronic cards online still represents only a third of all online transactions in Russia, and most buyers prefer cash on delivery (COD) for online purchases in their efforts to err on the side of caution. |
| The source |
|
|
|
|
|
|
The virtual community for English-speaking expats and Russians
