Cambridge University researcher Steven Murdoch successfully used Google to help crack a password
used by an attacker who had hacked into his blog a few weeks ago and created a user account.
After he quickly disabled the account, Murdoch became curious to know what the hacker’s password might be. Since his website uses WordPress, which stores passwords as unsalted MD5 hashes in its user database, he wrote a script which hashed all words in both the English and Russian dictionary to find a match. He had no luck, however, so he turned to Google.
He took the MD5 password hash from the database and stuck it into Google, which revealed multiple sites featuring the word “Anthony”, the attacker's password. While this certainly is an interesting trick, Google’s usefulness as an MD5 cracker is fairly limited as it only finds hashes of things that people have hashed before, thus the importance of using hard to guess passwords.