I wanted to share a “short and sweet” post with a tip on how to protect your access credentials from “leaking” to others. Recently Goomzee’s engineers discovered some MLSs whose RETS login credentials were being shared publicly by mistake. A third-party developer hosted their source code on Github and it included the RETS login credentials for some MLS feeds they had access to. This information was easily discoverable by a Google search.
We informed the MLS executives advising they change their passwords and notify the developer(s) of their mistake. This got me thinking that we should suggest a tip on how they can police/prevent these mistakes using Google as their ally.
- Identify your main RETS login URL ( e.g. – rets.mlssystem.com/YOURCO/login )
- Visit Google Alerts and add the URL from step 1 ( https://www.google.com/alerts )
- If you discover credentials have been compromised, change them in your system immediately; the account holder will be contacting you when their feed doesn’t work. Be sure to notify the owners/developers as it could be an honest mistake, but this way you don’t let yourself be a victim of their mistakes.