Occasionally run searches like site:yourdomain.com inurl:txt to see what Google has already found. The Bottom Line
It is important to note that not every result returned by inurl:userpwd.txt is a valid exploit. Inurl Userpwd.txt
Developers sometimes create temporary text files to pass credentials between scripts or applications. Occasionally run searches like site:yourdomain
If you suspect you have a leak, or want to audit your domain, use these tools: or want to audit your domain