AOL apologizes for exposing search data

Article

AOL apologizes for exposing search data

Bill Brenner, Senior News Writer
AOL apologized for releasing keyword search information from about 658,000 anonymous AOL users Monday, amid growing criticism from privacy rights advocates. AOL, a division of Time Warner Inc., released information on about 20 million searches from 658,000 users of its AOL software over a three-month period.

"This was a screw up, and we're angry and upset about it," AOL spokesperson Andrew Weinstein said in a statement. "It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted. If it had been, it would have been stopped in an instant."

He said AOL has launched an internal investigation into what happened and will taking steps to ensure "this type of thing never happens again." He said search the data, gathered from March to May, was released 10 days ago on the company's publicly accessible research Web site. There was no personally identifiable data provided by AOL with those records, Weinstein said, but search queries themselves can sometimes include such information.

AOL is taking heavy criticism following the information release. In light of all the high-profile

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

data breach cases in the last year and a half that have heightened identity fraud fears, critics said AOL should have known better.

"The utter stupidity of this is staggering," blogger Michael Arrington wrote on his Techcrunch site. "AOL has released very private data about its users without their permission."

While the data displays random ID numbers in place of each user's AOL username, Arrington said, "the ability to analyze all searches by a single user will often lead people to easily determine who the user is and what they are up to. The data includes personal names, addresses, Social Security numbers and everything else someone might type into a search box."

The Planet Potato blog offered similar criticism. "[ISPs and telecom companies] always try and placate the masses by saying that [data] will be adequately protected," the blog said. "It never is and is invariably abused by whomever has least interest or knowledge in protecting the data."