Earlier this week, Danny Sullivan reported on the hijacking of thousands of local hotel listings within Google+ Local. Those listings had been replaced by third-party hotel booking services. And while it’s unclear how long those third-party links were in place, several knowledgable people have surmized it may have been at least a month, if not longer.
Without offering any substantive comments about the situation, Google appears to have cleaned up the problem and mostly, if not entirely, restored the proper links. There’s been no explanation forthcoming about how this might have happened from the company, though Google acknowledged the incident.
As a follow-up to the first article, I reached out to a number of local SEOs and people familiar with the intricacies of Google+ Local and related products. I asked them how this might have happened and whether they had any suggestions about how to guard against this type of hijacking in the future.
Below are a selection of the theories and responses I received via email. It’s important to note that these remarks and observations are speculation, based on second-hand knowledge of the incident.
Mike Blumenthal, Local U and GetFiveStars.com
Given that we don’t know exactly how it was executed, exactly when it was executed and we don’t really have details of any NAP [name, address, phone number] changes that may have taken place it is difficult to talk about preventing this is the future.
Google is moving from the old dashboard to the new dashboard and implementing the intrinsically more secure reality of only allowing a single entity to claim any given listing. This is not the case under the old dashboard.
My working theory is that these listings were either unclaimed or possibly claimed via the bulk upload. Bulk upload is viewed by Google as more of a data feed than a listing verification method and it does not lock out local claimants. Thus the listings were “eligible” to be double claimed. And claimed into the new G+ Local environment. In theory that requires verification either by post or a call and exactly how this many listings were in fact verified with the new domain is unclear.
If it wasn’t via this vector then there is some possibility that the URL changes were somehow pushed through MapMaker where a lot of abuse has been occurring of late. But without Google saying something I doubt we will know enough to really speak intelligently about the situation.
Nyagoslav Zhekov, Director of Local Search at Whitespark
It might actually be impossible to say. It appears that very soon after the article Google worked on cleaning up the issue. Practically every listing I looked at had an edit made by Google on 13/14 January 2014. The edits are obscured, and most of the historical edits are also obscured, which leads me to think the exploit was connected to Map Maker. As the “hacked” listings appear to be from different countries around the world, there are only two possible explanations (if my assumption is correct):
–Different Google Reviewers made constant mistakes and approved Map Maker edits without checking their validity at all (happens frequently, this issue has been raised to the attention of Google numerous times by me, Mike Blumenthal and others).
–One or more Google Reviewers have been involved somehow in approving those bogus edits. Google Reviewers are Google employees that work mainly from India, as far as I understand some of them are very close to freelancers, and their communication with the central Google offices is very inconsistent. This might sound like a conspiracy theory, but I doubt these people get a salary of more than a few hundred dollars/month, and it won’t be a problem for a big online hotel booking site (or maybe a competitor hotel chain of the hotels that suffered from the exploit) to offer them tenfold that in exchange of approving a few edits.
David Mihm, Director of Local Strategy at Moz.com
Most of the comments I see on Danny’s article are extremely speculative. Either Google has gone through and scrubbed the history of a couple of the locations in Danny’s report pr this is not a Mapmaker / suggest-an-edit hijack (which is what a bunch of the comments are suggesting).
Those listings don’t show any activity prior to Google “cleaning them up” on the 13th. It wouldn’t surprise me if Google has manually scrubbed the history to try to hide the exploit from like-minded hackers, but the fact that this seems to have happened simultaneously makes it unlikely that it was an army of people all suggesting the same edits at the same time.
This morning the pages that are “back” are unverified, which is a little strange:
Google’s PR tactic of no-comment-obfuscation never does them any favors with regard to brand perception in Local but I don’t think our whining about it is likely to change anything.
Steve King, Vice President of Product at SIM Partners
Steve King sent out a note to the firm’s large hospitality client base after the article appeared, detailing the way its technology and systems prevent this sort of hijacking. At the end of the note, was the following prediction:
The report of the hijacked Google+ Local listings does not surprise me and I expect to see more reports of this happening in all verticals that are local in nature but have a high percentage of business transacted online. I would also guess that other sites offering local business information like Yelp, Citysearch and others are likely to be attacked in this way too.
Feel free to add your theories and speculation or reactions to their observations in the comments below.