web application security lab

AOL Releases Public Information

One of my co-workers sent me this (not a security guy at all but he was freaked out by it). AOL/Google apparently gave out 2 gigs of search information for their users. Of course they didn’t use the users’ names but they did put in the user IDs so they can be correlated together. AOL/Google was smart enough to take it offline as soon as they realized why that’s a bad idea (not sure why they ever thought it would be a GOOD idea) but the damage is done. The content is now located in a number of locations, being a manageable 1/2 gig in size when compressed.

This is one of those things that I think big companies are doing more and more frequently. They are becoming more transparent because they think it will drive traffic and make people interested in what they are doing. Ultimately, that may be true (and in this case, it’s definitely true that it has drawn a lot of attention) but now all of those users are deeply at risk for identity fraud or worse. I’d be surprised if there wasn’t a class action lawsuit that came of this. I guess I’m glad I was never an AOL user. Just goes to show, you can’t trust your privacy to search engines or ISPs that partner with them.

6 Responses to “AOL Releases Public Information”

  1. RSnake Says:

    More from the AOL/Google disclosure fray. Looks like they got the webmaster@rotten.com search results if you ask me. Those guys are pretty weird:

    http://plentyoffish.wordpress.com/2006/08/07/aol-search-data-shows-users-planning-to-commit-murder/

    I doubt this is a guy trying to kill someone (just looks like a sick bastard looking to get off), but you never know. The AOL/Google letter at the bottom of the page is interesting too! AOL/Google is backpedaling on this one. “Sorry, it was a mistake.” just doesn’t quite cut it. It’ll be interesting to see how this pans out. My guess is it won’t be pretty. I wonder if this will require a SB 1386 disclosure for the California users. The weird part of this is that it wasn’t someone hacking them. It was them who put this up, so that might fall outside the range of SB 1386 because it was intentional. Either way I can see the legal issues on the horizon.

  2. Albert Says:

    haha that is hilarious i wonder what kinda search queries you would see on google’s hq.

  3. ha.ckers.org web application security lab - Archive » AOL Sponsors Spam Domains Says:

    […] Well, as if AOL/Google couldn’t shoot themselves in the foot enough this week, AOL/Google announces their intentions to open a free email/domain gateway.  Tsk Tsk.  What on earth are they thinking?  Free?  Email?  Domain?  Are you kidding me?  You might as well fly a banner over the sendmail conference asking people to start using you as a spam/SEO gateway. […]

  4. ty Says:

    A site where you can search the data is here:

    http://www.datablunder.com/logitems/query/

  5. ha.ckers.org web application security lab - Archive » How My Friend Got Laid Says:

    […] I applaud my friend’s ingenuity, but at the same time, I’m concerned about what that means in the days of big brother data mining (guess where I won’t be storing my pictures?). All it takes is one person getting access to this type of information through intentional information disclosure or by accident. The responsibility must be ominous. […]

  6. RSnake Says:

    Well, apparently someone got fired for this after all that: http://news.bbc.co.uk/2/hi/business/5272974.stm

    We’ll see how this shakes out. I promise this isn’t the last of this you’ll hear.