[Dataloss] Details on AOL search log disclosure

Chris Walsh cwalsh at cwalsh.org
Mon Aug 7 23:03:41 EDT 2006


They must have a more selective regex than mine.  I got 260 hits.   
Selecting those results which also contain the word 'social' results  
in 22 hits, with many that are clearly attempts to look up the  
records of a specific individual -- often supplying an address  and  
DOB as well as an SSN.

The regex I used is:

/(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]+?)(?!00)\d\d\3(?!0000)\d{4}/

It is a minor variant of one found at http://www.regexlib.com/ 
REDetails.aspx?regexp_id=535

(Checking for CC#s now....)


On Aug 7, 2006, at 4:26 PM, lyger wrote:

>
> (from Dave Farber's IP list)
>
> Begin forwarded message:
>
> Date: August 7, 2006 1:12:38 PM EDT
> Subject: Re: [IP] AOL Releases Search Logs from 500,000 Users
>
>
> A search for an SSN shaped regex on the full AOL search data  
> returns a 191
> results including repeat searches.  Many of these have full names,  
> and at least
> a dozen include either an addresses, drivers license number, date  
> of birth or
> some combination of the three in the same query.  There's no  
> telling how much
> more information an aggregation of other queries by those same user  
> ID would
> yield.
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/errata/dataloss/



More information about the Dataloss mailing list