Thousands of Private Text Messages Leak to Web Search Results in Russia

One of the largest Russian mobile carriers Megafon and the leading Russian search engine Yandex need to explain quite a lot of things to their users today due to an unspeakable data leak as thousands of SMS messages sent via Megafon website got publicly available in Yandex search results.

A lazy person in me who types on the normal keyboard almost as fast as speaks but spends unusually long time typing on a cell (iPhone makes it better but it is still not perfect and I don’t get enough practice to learn how to do that equally fast) does not really like to use cell phones for text messages so I’ve been using various alternatives whenever I could.

Most of the time I use Skype for text messages: a small investment in Skype balance allows me to send text messages quickly and easily typing them on a normal keyboard instead of doing the same on my cell slowly and for a comparable price. But rather frequently people in Russia use websites of carriers to send messages to their subscribers – this is free of charge and very easy to do. But it can also be equally unsafe as it now turns out.

Due to someone’s inexplicable mistake a huge number of text messages leaked to the web and got available to anyone online in the search results of Yandex for everyone to see the text and the recipient’s phone number. Clicking a search result enables the visitor to see the time and date when the message was sent as well. Currently news agencies report approximately 8 thousand messages available cached in Yandex search results.

A rapid investigation in both companies showed that for some reason the file robots.txt that is required for search engines to understand how a website should be indexed was missing from the section intended to send text messages to Megafon subscribers on the carrier’s website. The omission has been corrected now and the section has been closed for robots while removing such results from search will take some extra time. Additionally there are now numerous screenshots on all sorts of blogs and technology discussion forums where the information will most certainly stay visible for a long time even after it gets removed from Yandex.

But while this explanation seems perfectly reasonable, there is still the question of how it happened that it was only Yandex that has managed to index such pages and store them for subsequent search requests while Google did not index such pages so the text messages can’t be found in this manner using the international search giant.

One theory explaining this is related to a Yandex tool for websites that is intended to count their visitor stats but this theory has not found its confirmation yet. Though in any way I think it won’t be fair to blame any single party for the problem as there must be technical problems on both ends – though we’ll have to wait for official results of the investigation on both sides anyway.

Whatever combination of reasons has actually caused the problem, I think that after this entire situation anyone should be double cautious about sending private SMS messages using any online tool – while there are numerous such free texting tools online, I can’t really trust them now knowing that even the mobile operators receiving text messages for their own subscribers make such ugly mistakes in their online tools. If I can’t even send a text message safely online via the company the recipient trusts, how could I trust any third-party service not to index my private words? And knowing Skype also stores logs for all the conversations and is now owned by a company that is particularly prone to glitches, I think it will now be safer to finally stop being so lazy when it comes to texting and learn to use the cell phone keyboard after all.

Via (in Russian)