Via Dennis Howlett.
AOL’s monumental moment of madness: “
This one’s going to make international headlines. Around 2.30am, I was repairing my son Joe’s Windows XP install when Zoli pinged this story. He says:
AOL, in blatant violation of its users’ privacy just released the log of 3 months’ worth of searches by 650,000 users. Not to the DOJ, but for open download by anyone. The claim:
‘This collection is distributed for non-commercial research use only. Any application of this collection for commercial purposes is STRICTLY PROHIBITED’
…
AOL, you betrayed your users. If they are any smart, they will boycott your services.
Yuk – that’s really, really bad. Zoli and I engaged in a Skype IM about this – by 4.35am (I was still fixing Joe’s machine!) – the link had gone to a blank page. I won’t link there. I’ve not downloaded the file which is 2GB unzipped.
TechCrunch thinks this could lead to evidence of criminal activity and refers to AOL’s ‘utter stupidity.’ Paradigm Shift says:
The big affiliate marketers will make millions off this, I’m already busy processing the data, and after taking a quick peek at the data it’s an absolute gold mine for PPC and SEO.
So much for explicit prohibition for commercial use.
Among other things, Zoli and I speculated that:
- Spammers will have gotten hold of the data and have a field day
- It is possible to reverse engineer the searches to discover a LOT of personal details about people.
Questions:
- Zoli estimates maybe 1,500-2,000 downloads by the time AOL woke up to what they’d done. What’s the real number?
- How long was the file in the wild?
- Could illicit copies end up on eBay?
- Could market data derived from the file end up on eBay or as part of a market intelligence offering? Almost certainly the second if not the first.
- What will be the impact on AOL’s stock price?
- Might shorters speculate on the impact?
- What about a class action lawsuit? For once I think there are decent grounds for one of the ambulance chasers to send out its hit squad – they may even get what they need from the file
- Will AOL be able to track who got the file?
- What is the potential for wholesale identity theft among those 650,000 AOL users?
- Who takes responsibility for this at AOL and how many heads roll as a consequence?
I’m sure there are plenty of other questions. These were what sprang to mind over a 30 minute IM.
BTW – this has nothing to do with security per se but everything to do with stupidity and ethics. It’s up there with Gerald Ratner as a gaffe of monumental proportions.
”
(Via AccMan Pro.)