Our P2P Investigation Turns Up Business Data Galore

Avi Baumstein writes in InformationWeek:

Are peer-to-peer networks really filled with sensitive corporate data just waiting to be plucked and abused? It seems unlikely–surely people wouldn’t be that sloppy. Like a 19th century prospector, I decided to dip my pan into the stream to see what I could find.

The results were shocking and scary–loads of confidential business documents and enough personal information to ruin any number of lives and create PR nightmares for quite a few companies. Among the business documents were spreadsheets, billing data, health records, RFPs, internal audits, product specs, and meeting notes, all found in a quick expedition, using simple tools.


Giddy from my quick success, I tried other search terms and slogged through dozens of computers full of tailings such as High School Musical and Fall Out Boy, until I entered “ssn” for Social Security number. LimeWire, which displays the IP address of the computer hosting each file a search returns, showed an entire page of results for ssn, all with the same IP address. Using “browse host,” I discovered a mother lode of bank passwords and credit card numbers, a few dozen files labeled as Equifax credit reports, and a handful of tax returns.

I’d stumbled upon what’s known as an information concentrator. These are people who do what I was doing–troll the P2P networks for files with personal data. But their intentions are far more sinister–typically identity theft. Most likely this person was inadvertently resharing the confidential information he had found, making the same mistakes with P2P that his prey had made.


I came across a veterinary clinic, with listings of pets and their owners’ billing information. A medical office revealed spreadsheets listing patients’ names along with their HIV and hepatitis status. Wow.


Full story – InformationWeek

About the author: Dissent

Comments are closed.