According to this posting on the Full Disclosure mailing list, Papa John’s Pizza’s web-based e-mail system was not password protected for a while. They have since fixed the problem, but Google currently has the information in its cache. The following Google query will let you see these e-mails (click on the ‘Cached’ links):
Now try the following query to find the more interesting e-mails:
This brings me back to my previous article on using Google to find vulnerabilities. It isn’t enough for Papa John’s Pizza to fix the issue, for the exposed information is still available to the world via Google’s cache. I’m hoping they will contact Google and request for this information to be removed, but this may take a while to process.
Update: Google cache no longer contains the above information.