Local SEOs Sound Off On Google+ Local Hijackings

google-plus-localEarlier this week, Danny Sullivan reported on the hijacking of thousands of local hotel listings within Google+ Local. Those listings had been replaced by third-party hotel booking services. And while it’s unclear how long those third-party links were in place, several knowledgeable people have surmised it may have been at least a month, if not longer.

Without offering any substantive comments about the situation, Google appears to have cleaned up the problem and mostly, if not entirely, restored the proper links. There’s been no explanation forthcoming about how this might have happened from the company, though Google acknowledged the incident.

Hijacked listings

As a follow-up to the first article, I reached out to a number of local SEOs and people familiar with the intricacies of Google+ Local and related products. I asked them how this might have happened and whether they had any suggestions about how to guard against this type of hijacking in the future.

Below are a selection of the theories and responses I received via email. It’s important to note that these remarks and observations are speculation, based on second-hand knowledge of the incident.

Mike Blumenthal, Local U and GetFiveStars.com

Given that we don’t know exactly how it was executed, exactly when it was executed and we don’t really have details of any NAP [name, address, phone number] changes that may have taken place it is difficult to talk about preventing this is the future.

Google is moving from the old dashboard to the new dashboard and implementing the intrinsically more secure reality of only allowing a single entity to claim any given listing. This is not the case under the old dashboard.

My working theory is that these listings were either unclaimed or possibly claimed via the bulk upload. Bulk upload is viewed by Google as more of a data feed than a listing verification method and it does not lock out local claimants. Thus the listings were “eligible” to be double claimed. And claimed into the new G+ Local environment. In theory that requires verification either by post or a call and  exactly how this many listings were in fact verified with the new domain is unclear.
If it wasn’t via this vector then there is some possibility that the URL changes were somehow pushed through MapMaker where a lot of abuse has been occurring of late. But without Google saying something I doubt we will know enough to really speak intelligently about the situation.

Nyagoslav Zhekov, Director of Local Search at Whitespark

It might actually be impossible to say. It appears that very soon after the article Google worked on cleaning up the issue. Practically every listing I looked at had an edit made by Google on 13/14 January 2014. The edits are obscured, and most of the historical edits are also obscured, which leads me to think the exploit was connected to Map Maker. As the “hacked” listings appear to be from different countries around the world, there are only two possible explanations (if my assumption is correct):

–Different Google Reviewers made constant mistakes and approved Map Maker edits without checking their validity at all (happens frequently, this issue has been raised to the attention of Google numerous times by me, Mike Blumenthal and others).

–One or more Google Reviewers have been involved somehow in approving those bogus edits. Google Reviewers are Google employees that work mainly from India, as far as I understand some of them are very close to freelancers, and their communication with the central Google offices is very inconsistent. This might sound like a conspiracy theory, but I doubt these people get a salary of more than a few hundred dollars/month, and it won’t be a problem for a big online hotel booking site (or maybe a competitor hotel chain of the hotels that suffered from the exploit) to offer them tenfold that in exchange of approving a few edits.

David Mihm, Director of Local Strategy at Moz.com

Most of the comments I see on Danny’s article are extremely speculative. Either Google has gone through and scrubbed the history of a couple of the locations in Danny’s report pr this is not a Mapmaker / suggest-an-edit hijack (which is what a bunch of the comments are suggesting).

Those listings don’t show any activity prior to Google “cleaning them up” on the 13th. It wouldn’t surprise me if Google has manually scrubbed the history to try to hide the exploit from like-minded hackers, but the fact that this seems to have happened simultaneously makes it unlikely that it was an army of people all suggesting the same edits at the same time.

This morning the pages that are “back” are unverified, which is a little strange:

Google’s PR tactic of no-comment-obfuscation never does them any favors with regard to brand perception in Local but I don’t think our whining about it is likely to change anything.

Steve King, Vice President of Product at SIM Partners 

Steve King sent out a note to the firm’s large hospitality client base after the article appeared, detailing the way its technology and systems prevent this sort of hijacking. At the end of the note, was the following prediction:

The report of the hijacked Google+ Local listings does not surprise me and I expect to see more reports of this happening in all verticals that are local in nature but have a high percentage of business transacted online. I would also guess that other sites offering local business information like Yelp, Citysearch and others are likely to be attacked in this way too.

Feel free to add your theories and speculation or reactions to their observations in the comments below.

Related Topics: Channel: Local | Google: Maps & Local | Search Engines: Maps & Local Search Engines | Top News


About The Author: is a Contributing Editor at Search Engine Land. He writes a personal blog Screenwerk, about SoLoMo issues and connecting the dots between online and offline. He also posts at Internet2Go, which is focused on the mobile Internet. Follow him @gsterling.

Connect with the author via: Email | Twitter | Google+ | LinkedIn


Get all the top search stories emailed daily!  


Other ways to share:

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. Comments may also be removed if they are posted from anonymous accounts. You can read more about our comments policy here.
  • http://jameshalloran.net/ James R. Halloran

    I think Mike Blumenthal makes a good point. Google is currently updating everything from an outdated dashboard. Perhaps the hackers/ hijackers took advantage of either the new or old dashboards? (Probably the new one.)

  • http://www.it-sales-leads.com/ Barbara Mckinney

    I love the immediate response of Google on the said issue. As more and more businesses trying to have a high rank in Google search, we must expect to have a lot of this kind of issue in the future.

  • http://lathesis.com/ Lathesis

    Mike Blumenthal it a good point and yes Google is so busy with updating but the immediate response from Google & cleaned up the problem

  • Corbin Haresnape

    Greg (and Danny),

    Quite a few of these hijackings were my properties so I wanted to leave a few thoughts. This is not unusual activity, especially in the affiliate space, it simply got press this time. This has been happening for quite some time, albeit at a smaller scale. I will even go as far as to say it is the same group of affiliates. RoomsToBook is affiliated with RoomWhiz(z) which was an offending affiliate less than 2 months ago.

    Blumenthal is right (as he almost always is) that bulk feeds were the weakness in this incident. They provide scalability but lack any type of listing or data protection that is present with individual verification. In addition I will add that verifying a listing is not all that difficult: 1. Abuse MapMaker to adjust phone number to a controlled number (with a matching region area code) 2. Verify the property 3. Plug in affiliate information.

    One final note I will add about bulk feeds. After the initial verification of the account (1 property with postcard or phone number) there is no restriction for the feed. Feed a competitor’s property bad information? Sure. Want to run affiliate links? Go for it. I have seen affiliates use this technique.

    I will avoid the Google-bash parade and instead say that bulk feeds are a “good” experience but if Google would offer a verified listing bulk option (with some rigorous initial verification) it would be a “better” experience.

    One final note, franchise businesses like protection, consistency, and value for time. G+ Local at a bulk scale is neither of those. Bing for Business/Facebook Local where you at?


  • Scott Davis

    Verifying a listing doesn’t prevent it from being hijacked.

  • Corbin Haresnape

    Hey Scott,

    That is accurate. My concern is that a bulk feed provides no “protection” whatsoever, the larger point is scalable data security is what we need. Thanks!

  • Scott Davis

    I believe one of the major faults with Google’s Places & Maps system is the entire design around a unique phone number… They’ve taken a location based application and removed the location requirement from it. We’ve had OTA’s and competitors create and verify (don’t ask me how they verified… still trying to figure that one out) duplicate map listings with their own URL & phone number, yet the same name and address of our legitimate map listing.

    Designing a Location/Mapping interface and having location not be the distinguishing factor between listings was extremely poor design and has allowed this type of exploitation.

  • Steve King

    There’s a lot of things going on with the Google bulk tool – I’m not sure the hijackers would’ve been able to easily use it to claim all the listings.

    We’ve put up a recent post sketching out current issues with Google’s bulk tool and upgrades that seem to be coming soon. http://www.simpartners.com/google-bulk-limbod-listing-management-tool/

Get Our News, Everywhere!

Daily Email:

Follow Search Engine Land on Twitter @sengineland Like Search Engine Land on Facebook Follow Search Engine Land on Google+ Get the Search Engine Land Feed Connect with Search Engine Land on LinkedIn Check out our Tumblr! See us on Pinterest


Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States


Australia & China

Learn more about: SMX | MarTech

Free Daily Search News Recap!

SearchCap is a once-per-day newsletter update - sign up below and get the news delivered to you!



Search Engine Land Periodic Table of SEO Success Factors

Get Your Copy
Read The Full SEO Guide