Watch Out For Google Rich Snippet Hacking

May 2, 2013 • 9:05 am | comments (16) by twitter Google+ | Filed Under Google Search Engine Optimization

google rich snippet/schema hackingThere are two reports in the Google Webmaster Help of webmasters noticing that the schema aka rich snippet details show third-party data and links in the rich snippet testing tool.

The schema is showing up in Google's Rich Snippet tool as showing third-party web sites, some leading to pornography sites or drug sites. To me, this looks like a sophisticated hack of some sorts.

One webmaster claimed it is not server side that it is something deeper. He wrote:

It is 100% sure this isn't caused client-side (server) because these clients use different hosting-providers servers, server configs site techniques, html types, CMS's and so. Besides the fact that they all use they have absolutely nothing in common.

Here is a screen shot showing the hack of some sorts:

schema hacked

There are plenty of other examples in the thread of this happening.

Structured data is one of the most trusted methods of communicating what your site is about to Google. If that gets hacked and misdirected, how much of an impact can that have on your ranking, trust and confidence.

The question is, how did this happen and what can be done to prevent it.

The scary part is that it is hard for webmasters to see these hacks and by the time you see it, it is too late. Much like a malware hack, but Google does a good job communicating to the webmaster of malware hacks.

Google has not yet replied to the issue in the thread.

Forum discussion at Google Webmaster Help.

Update: Seems like this was just a display bug on Google's part. After a few days of investigative work, John Mueller of Google responded saying:

The team here has been looking into this since your reports here, and this seems to be from an issue on our side. We've been able to resolve the issue, but it may still take a few days for the changes to be live everywhere. According to my information, this was only an issue in the display of the data, it did not cause any of that data to be visible in search, or to otherwise affect search results. We apologize for the confusion this has caused and have taken steps to prevent this and similar issues from occurring in the future.

Image credit to BigStockPhoto for hacking

Previous story: You May Never Recover From Google's Penguin


Martin Oxby

05/02/2013 01:27 pm

I'm surprised that it *can* happen as you need a two-pronged hack - the website itself (the easiest one) and your Google+ profile (harder, depending on your password I suppose)... the disturbing part is if this IS the case, then Google themselves have a hack problem. People not securing their own sites is not new, but the two-fold verification process shouldn't have been hackable - a weakness in the system on Google's part?

Richard Hornsby

05/02/2013 01:49 pm

You don't need a Google+ profile to implement breadcrumbs.

Martin Oxby

05/02/2013 02:17 pm

No, valid point. So it's webmasters who need to tighten up their security then?

Mike Wilton

05/02/2013 04:25 pm

I've seen a lot of weird stuff like this in the past, normally it comes from the blog's comments. I'm not sure what it is about the comments section and Google identifying schema, but it seems that anytime there is a comment the names, and data in the comments section get picked up in the Rich Snippets tool.

chaudhary amir

05/03/2013 03:42 pm

This is not good hacking is the big problem now a days everyone wants to be a hack master i observe that and i've seen a lot of these kind of pornography sites.


05/03/2013 05:07 pm

Is there one firm managing all sites affected? Could the a virus at the firm level hijacking passwords and logins.


05/03/2013 05:09 pm

I don't think it's that simple. The odds of multiple sites being hit. Something else is going on.

Jarno van Driel

05/03/2013 07:27 pm

I am 1 of the webmaster who reported the problem at the webmaster tools forum. The reason why I am sure it's not a 'easy' security issue is due to the different levels of rights I have. For some servers I have all rights and with others only the rigths to view files and nothing more than that. But more importantly, I have worked together with server admins from different clients/ISP's, analyzing server connections and logs. Absolutely nothing came out of these investigations. The servers involved are absolutely clean. The real braintwist happened when I saw the same behaviour also show up with 100% static sites (old school html files) without any form of scripts running on them nor php or aspx.

Friv 2

05/04/2013 01:10 am

People not securing their own sites is not new, but the two-fold verification process shouldn't have been hackable - a weakness in the system on Google's part?


05/04/2013 04:58 am

Good point. Was thinking maybe a shady SEO firm who had login access to the websites added them in? It is doubtful its a virus or a worm. More like SQL injection.


05/04/2013 12:22 pm

I've had security issues on several of my sites recently. The only one that I haven't been able to figure out is the one on a pure html site that really shouldn't be hackable. I get a popup that looks like a security warning for a script execution that launches, according to Norton, a "web-based attack," when clicked. Ideas would be appreciated.

Martin Oxby

05/04/2013 01:48 pm

Check through your code for anything that wasn't originally intended and make sure you reset all FTP passwords. If you have been hacked, you may need to take it up with your web hosting provider as well. (and pure HTML files are not immune to all attacks)

Jose Capelo

05/05/2013 06:32 pm

Thanks for the info Barry!

Amit Dwivedi

05/06/2013 05:55 am

Thank you so much to share wonderful information.

Roman M

05/06/2013 09:26 am

JohnMu has just made a comment about the issue.

Kizi Friv

05/09/2013 04:01 pm

This can be a truly different educational article.

blog comments powered by Disqus