Hackers no longer even need to visit a website to attack it, instead they are using information from pages cached by popular search engine Google, according to a report in the New Scientist.
One way hackers can break into a website is by hunting for private pages containing the passwords or usernames required to access secure parts of the site. These pages are normally hidden from the casual browser, but sometimes faulty software or failure to properly delete such pages make this data available, creating a serious security loophole, according to the report.
Hackers normally have to trawl the web searching for such vulnerabilities, but professional hacker Johnny Long told the New Scientist that search engines, such as Google, have made the task much easier.
Search engines work by following all the links on a page and caching the information they find to create a searchable database of web pages. So if a page contains a link to a private page the search engine will follow it and store the cached page. This means that hackers can search for common words found on pages containing sensitive information, such as 'cash history', 'temporary' and 'password'.
As Google makes its cached pages available, hackers can search for this information without ever alerting the owner of the page.
But Google says that it bears no responsibility for the way information it collects is used, and says that its comprehensive database of pages is invaluable to researchers. Instead, web page owners must take responsibility for securing their sites, making sure sensitive information is properly deleted or protected.