There are a series of security measures you can take that should help your Google account stay ... [+] secure from dorking.gettyGoogle dorking is the use of advanced search operators to find specific information on the internet that might not be findable using standard search queries. Google dorking is also known as Google hacking which is misleading, as its perfectly legal, and is often used by security professionals to find vulnerabilities in their organization's systems. However, the flip side if this is that the technique also allows hackers to access information that you'd rather remained private. This can include, for example, unsecured login portals or sensitive company documents. We look at the risks of Google dorking, and what you can do to stay safe.What Is Google Dorking?So named because they involve searching like a dork, Google Dorks were first introduced by computer security expert Johnny Long.In 2002, Long started using custom queries to search for elements of websites that could be leveraged in cyberattacks. The list gradually expanded; and two years later, these queries were codified into the Google Hacking Database (GHDB) as a dictionary of queries designed to be used by penetration testers. However, it didnt take long before cyber criminals were using the techniques, too, in order to unearth, for example, unprotected databases, server credentials or private documents that were not meant to be publicly accessible.How Does Google Dorking Work?Google dorking relies on the fact that when Google crawls the web to index pages for its search engine, it can see parts of websites that normal internet users cant.It allows searchers to use the advanced operators used for this by Google, together with keywords, to locate specific text strings within search results. But while the technique can be useful for anybody, it also offers distinct possibilities for hackers. Conversely, its also often used by security professionals to identify vulnerabilities in their systems. Google dorking doesn't require any great level of skill: it's simply a question of checking through a list of possible dorks and then following instructions.MORE FOR YOUCommon Google Dorking Commands And ExamplesThere are literally thousands of Google dork commands, most perfectly innocuous and used simply to target searches more accurately, but some really only of use to security researchers or cyber criminals.Some of the most widely-used dorks include:site:inurl:intitle:intext:filetype:cache:link:Dorks can be linked together to create even more specific searches.1. site:Narrows results to a specific site or domain; for example, site:example.com searches only the example.com website.2. inurl:Finds pages that have the specified text in the URL; for example, inurl:dorking will find pages with dorking in the URL.3. intitle:Locates pages with the specified text in the title tag, for example intitle:advice.4. intext:Finds pages containing the exact phrase, for example: intext:John Smith.5. filetype:Returns results only of specific file types like PDFs, XLS or DOCX, for example: filetype:pdf6. cache:Finds cached versions of a web page, for example: cache:example.com7. link:Finds web pages that contain a link to a specific document, for example link:https://www.forbes.com/sites/technology/article/google-account-hacked/Google Dorking Cybersecurity RisksTheres nothing inherently bad about Google dorking: as we've seen, it can be a very useful tool for improving the accuracy of legitimate searches. It's also extremely helpful for penetration testers or ethical hackers aiming to improve the security of websites by looking for vulnerabilities.However, its also used by the bad guys, with hackers using Google dorks to find sensitive data such as employee information or intellectual property. It can also be used to identify security vulnerabilities such as misconfigured servers, outdated software and unsecured databases. And it's worth remembering that leaving your website vulnerable, particularly if those vulnerabilities are exploited, can carry other risks too for example, legal penalties and fines for compliance violations, or damage to your company's reputation.How Can You Protect Your Data?Those using Google dorking for nefarious purposes are generally after sensitive corporate information, or signs of cybersecurity vulnerabilities.There are a number of ways to try and ensure that it doesnt happen to you. These include the basic cyber security measures that you should be implementing across all your accounts, like limiting access to sensitive information, taking advantage of security tools and firewalls and using strong and unique passwords and two-factor authentication. Scan for vulnerabilities regularly, and use Google Search Console to delete sensitive websites from the results of public searches. Implement a tight Robust Robots.txt file, which instructs web robots about which pages on your site to crawl or ignore.Bottom LineGoogle dorking is a mixed blessing on the one hand, its a useful tool for improving the effectiveness of online searches, but on the other it can form a mechanism for hackers to access private information. But there are a series of security measures you can take that should help your website stay secure.Frequently Asked Questions (FAQs)What Is DorkGPT?Theres an AI for everything these days, and Google dorking is no exception: DorkGPT is a free AI-powered tool that generates its results using Google dorks.Powered by Open AIs ChatGPT, its similar to use. Simply type a query into its search bar, and it will automatically generate a query using Google search operators to get results that should be more accurately targeted than other search methods.Do Google Dorks Work On Bing?The techniques of dorking work across other search engines too, for example as Bing, Yahoo and DuckDuckGo.In most cases, the specific dorks you can use are the same as those used for Google as they use the same search operators. The results dorking returns may vary from search engine to search engine, though, depending on how sites are indexed and how the search operators are interpreted.How To Tell If Your Google Account Is Hacked?There are a number of signs that your Google account may have been hacked discovering, perhaps, that your password no longer works, or that other personal information relating to the account has been changed.Other signs include receiving a security alert from Google warning that there has been a sign-in to your account from a new device, or of other behaviour that it deems unusual or suspicious. You may also be contacted by friends or family who have been receiving strange messages purportedly from you.