A British blogger stumbled across a way to remove any website from Google's search results, even if that site has nothing to do with you whatsoever.
James Breckenridge of Romsey, Kent, wrote that he was just noodling about with Google's Webmaster Tools and built a Chrome extension to remove his unwanted URLs more quickly. Then, he said, "I made a little mistake and accidentally removed a URL of a website I have no relation to?!? I was stunned it could be that easy. Surely there was no way Google would actually remove the page, right?"
Digging a little deeper he found that he could remove any site he fancied from Google's results.
He posted a how-to on his now-pretty-well-read blog, in an attempt he said to bring the problem to Google's attention.
"Thankfully," he wrote, "there is a time delay from when the request is made to when it is actually processed. The only reason I am happy to highlight this here whilst it is still possible, is because it should be so easy for them to fix (and should have never been possible in the first place).
A number of people tried the methodology and confirmed the exploit on Breckenridge's twitter feed.
"The sole reason I posted this was to get the issue patched, I couldn’t find a method of contacting Google or reporting this directly and maybe naively thought this would generate the most gravitas," Breckenridge blogged.
"The good news," he adds in a later post, "is that after speaking with the security team at Google they are fixing the vulnerability and are going to revert any changes that have been made by utilising this exploit when they are done. So all in all, poor method of disclosure but it got exactly the desired result."
We've messaged both James and Google for comments on the story and are waiting for their responses.
A Google spokesperson just informed us: "We're still investigating this report, and to be cautious we disabled all URL removals yesterday morning (Pacific time)"