This one’s going to make international headlines. Around 2.30am, I was repairing my son Joe’s Windows XP install when Zoli pinged this story. He says:
AOL, in blatant violation of its users' privacy, just released the log of 3 months' worth of searches by 650,000 users. Not to the DOJ, but for open download by anyone. The claim:
“This collection is distributed for non-commercial research use only. Any application of this collection for commercial purposes is STRICTLY PROHIBITED”
AOL, you betrayed your users. If they are at all smart, they will boycott your services.
Yuk – that’s really, really bad. Zoli and I engaged in a Skype IM about this – by 4.35am (I was still fixing Joe’s machine!) – the link to the page showing the file had gone to a blank page. I won’t link there. I’ve not downloaded the file which is 2GB unzipped.
The big affiliate marketers will make millions off this. I'm already busy processing the data, and after taking a quick peek at the data it's an absolute gold mine for PPC and SEO.
So much for explicit prohibition for commercial use.
Among other things, Zoli and I speculated that:
- Spammers will have gotten hold of the data and have a field day.
- It is possible to reverse engineer the searches to discover a LOT of personal details about people.
- Zoli estimates maybe 1,500-2,000 downloads by the time AOL woke up to what they’d done. What’s the real number?
- How long was the file in the wild?
- Could illicit copies end up on eBay?
- Could market data derived from the file end up on eBay or as part of a market intelligence offering? Almost certainly the second if not the first.
- What will be the impact on AOL's stock price?
- Might short sellers speculate on the impact?
- What about a class action lawsuit? For once I think there are decent grounds for one of the ambulance chasers to send out their hit squad – they may even get what they need from the file.
- Will AOL be able to track who got the file?
- What is the potential for wholesale identity theft among those 650,000 AOL users?
- Who takes responsibility for this at AOL and how many heads roll as a consequence?
I’m sure there are plenty of other questions. These were what sprang to mind over a 30 minute IM.
BTW – this has nothing to do with security per se but everything to do with stupidity and ethics. It's up there with Gerald Ratner as a gaffe of monumental proportions.
UPDATE: Jason Stamper has penned a well-crafted and detailed analysis about some of the information that can be deduced from the file. Amazing stuff.