One of my co-workers sent me this (not a security guy at all but he was freaked out by it). AOL/Google apparently gave out 2 gigs of search information for their users. Of course they didn’t use the user’s names but they did put in the user IDs so they can be correlated together. AOL/Google was smart enough to take it off line as soon as they realized why that’s a bad idea (not sure why they ever thought it would be a GOOD idea) but the damage is done. The content is now located in a number of locations being a manageble 1/2 gig in size when compressed.
This is one of those things that I think big companies are doing more and more frequently. They are becomming more transparent because they think it will drive traffic and make people interested in what they are doing. Ultimately, that may be true (and this case, it’s definitely true that it has drawn a lot of attention) but now all of those users are deeply at risk for identity fraud or worse. I’d be surprised if there wasn’t a class action lawsuit that came of this. I guess I’m glad I was never an AOL user. Just goes to show, you can’t trust your privacy to search engines or ISPs that partner with them.