Skip to main content

Search engine exposes hackers' passwords to solicit donations

Search engine exposes hackers' passwords to solicit donations

Share this story

Some hackers are learning what it's like when the hunters become the hunted. A new search engine called Indexeus offers an easy way for ne'er-do-wells to look up login credentials from over a hundred hacks, including recent high-profile dumps of Adobe and Yahoo credentials. But there's a catch: most of the data indexed by the service comes from hacks of forums and websites popular with the underground hacker community. In other words, the search engine is marketing itself to the same people that it is exposing.

Also known as protection money

But that's all part of the business plan, reports Krebs on Security. The men behind Indexeus planned to offer protection services — pay the site a "donation" of $1 per record, and you can have your sensitive info removed (or "blacklisted") from the search engine. As a disclaimer on the site originally explained, "The purpose of Indexeus is not to provide private informations about someone [sic], but to protect them by creating awareness. Therefore we are not responsible for any misuse or malicious use of our content and service."

That certainly sounds like extortion. Nevertheless, the site's founder, identified by reporter Brian Krebs as 23-year-old Jason Relinquo of Portugal, has been compelled to change the site's policies to offer a free blacklisting option in order to comply with the EU's "Right to be Forgotten" ruling. It all seems a bit odd considering the data peddled by Indexeus is illegal in the first place, but it sure is an entertaining story. If you're looking to check out Indexeus, it appears high traffic loads have temporarily taken the search engine offline.