The search engine dubbed as “Indexeus”, designed by 23-year-old Jason Relinquo of Portugal, boasts a searchable database of “over 200 million entries available to our customers“. It specifically targeted hackers by listing huge amounts of their information such as email addresses, usernames, passwords, Internet address, physical addresses, birthdays and other information that may be associated with those accounts.
If in case, any hacker want to get their credentials removed or blacklisted from the search engine, it would cost $1per record that they wanted to conceal from public view.
As a disclaimer on the search engine website explained, “The purpose of Indexeus is not to provide private informations about someone [sic], but to protect them by creating awareness. Therefore we are not responsible for any misuse or malicious use of our content and service.”
Most of the information this 23 year old boy gathered comes from data breaches and hacks of forums popular in the hacking community, which no doubt makes it one of the largest depositories of hackers’ personal details ever made available publicly.
The search engine website says that its purpose is to make people more aware of their online security, which they sometimes undermine.
“This is a service which provides easy access to hundreds of databases, which is very useful if you don’t want to bring your databases around or if you just don’t have any,” reads the website’s FAQ page. “The goal is to make people realize that using the same information all over is stupid and will lead to you getting your information stolen, but also showing you how badly administrators keep your private data stored.”
Apparently, you no longer have to pay for the removal of any record — it’s free now. Since being exposed
by Brian Krebs, Relinquo recently modified his terms of service so that users don’t have to pay any dollar to have their information removed or completely blacklisted from the search engine’s site.
Obviously, due to the EU’s “right to be forgotten;” he can not charge for a service that’s supposed to be free of charge. However, it remains unclear how users would prove that they are the rightful owner of specific records indexed by the service.
“We’re going through some reforms (free blacklisting, plus subscription based searches), due some legal complications that I don’t want to escalate,” Relinquo wrote in a chat session. “If [Indexeus users] want to keep the logs and pay for the blacklist, it’s an option. We also state that in case of a minor, the removal is immediate.”
If the availability of private information made Relinquo able to build the search engine, then you can imagine what amount of private informations of users breached in different hack attacks. It indicates that online privacy and security threats are real, since hackers may already have a user’s information without even their knowledge.