Last week we noted that Google was hosting and handling advertising for the website leakeddata.me, which publishes purported leaked credit card info as well as other types of confidential data. Then on Monday we noted how we had run across another related website, leakeddata.net, but that leakeddata.me appeared to have been taken down by then. Here is what you got when you visited leakeddata.me at that time:
By contrast here is what you get now:
So the website is again being served from Google’s Blogger service with advertising being handled through Google’s AdSense service. The newest entries are of purported username/passwords for several different web services (as shown in the screenshot) and below that are ones for credit card info.
A month ago we noted that Google’s AdSense program was handling the advertising for a number of websites serving “nulled” web software, which is paid web software being distributed illegal, with at least one of those serving up malicious code with the “nulled” web software. We reported a number of the websites to Google as they are violating policies of the AdSense program, but they are still running ads served by Google.
Part of how we became aware of that was that advertising we were running through Google’s AdWords program was being shown on some of those websites. Today we noticed that our advertising has recently been running on an even more troubling website, leakeddata.me.
The title of the website is “Leaked Data | Exploited and Leaked Information | (UPDATED Daily)” and the subtitle is “| Hack Credit Card | Visa | MasterCard | SSN | Amazon | Email Address | MYSQL Database | IP Address | ( HACKED | LEAKED | EXPLOITED )”. The homepage of the website currently shows the details of seven purported leaked credit cards, with the data shown including the credit card number, CVV number, name of credit card holder, and their address.
The top of the homepage of the website has multiple blocks of Google served advertising (bordered in blue):
When we went to see where the website was being hosted we were surprised to find it was Google. The IP address the website is hosted from is 22.214.171.124, for which the host name is any-in-2415.1e100.net. As Google explains “1e100.net is a Google-owned domain name used to identify the servers in our network.”. At that point we noticed that the website is being hosted through Google’s Blogger service.
It would seem that neither the Blogger nor AdSense service do any sort of proactive monitoring looking for credit card info being show on pages using the services, which seems to be something they could be doing.
It looks like the website has been showing leaked info since December of 2014.
We wanted to report this to the Blogger service, but they don’t have an option if you want to report someone else’s private information is being posted, only your own.