CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Security

MoveOn.org subscribers exposed

Dozens of the political action committee's subscriber pages revealed by simple Google search.

Subscribers to MoveOn.org's mailing lists may have found recently that their interest in the anti-Bush political site was a matter of public record.

A Web page misconfiguration left dozens of the liberal political group's subscriber pages easily searchable through simple Google queries. Each page included a subscriber's name, e-mail address and the mailing lists to which he or she is subscribed. CNET News.com confirmed that several searches turned up more than two dozen individual subscriber pages.

"This is extremely disturbing," said one subscriber, who requested anonymity, when contacted through e-mail. "I'm not sure if I should be worried or not, but I am."

The subscriber Web pages linked member's names with their interests, such as "distortion of evidence" and Errol Morris, director of the documentary "The Fog of War," which won an Oscar for its portrayal of the life of Robert McNamara, secretary of defense during the Vietnam War.

MoveOn.org fixed the problem on its site after being contacted by a member. The search results on Google now redirect people to MoveOn.org's front page. The organization is implementing further changes to protect the user information.

The information leak is the latest version of "Google hacking," the practice of using the search engine's advanced features to find private data leaked by Web sites. Earlier this month, security researchers found a way to use the search engine to find lists of credit card numbers, along with card holder information, that had been posted online by traders of illicit financial information.

The incidents highlight increasing concern that knowledgeable Web surfers can turn up sensitive information by mining the Web using the world's best-known search engine. MoveOn.org stressed that no financial information was leaked in the most recent incident, and that the site does not retain credit card numbers.

The discoverer of the MoveOn.org problem, Web developer Shawn Smith, found the information accidentally, he said. Smith, a member of MoveOn.org, had searched Google for information on recent video clips sponsored by the political group. Along with a link to the clips, he found that several of the other search results pointed to Web pages with subscriber information.

"I just wanted to see the (video) spots," Smith said. "Instead, I found these other sites."

Smith alerted MoveOn.org to the problems, and the Web site fixed the issues.

MoveOn.org is best known for using the Net to distribute 30-second spots attacking President Bush's policies. The video spots, called "Bush in 30 Seconds," gained widespread recognition for the site and for the Internet as a medium for grassroots political speech.

Other sites have also profited from the interest of Web surfers, including Sen. John Kerry's and President Bush's campaign sites, and a political parody created by JibJab.