[Dataloss] Details on AOL search log disclosure
Chris Walsh
cwalsh at cwalsh.org
Mon Aug 7 23:03:41 EDT 2006
They must have a more selective regex than mine. I got 260 hits.
Selecting those results which also contain the word 'social' results
in 22 hits, with many that are clearly attempts to look up the
records of a specific individual -- often supplying an address and
DOB as well as an SSN.
The regex I used is:
/(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]+?)(?!00)\d\d\3(?!0000)\d{4}/
It is a minor variant of one found at http://www.regexlib.com/
REDetails.aspx?regexp_id=535
(Checking for CC#s now....)
On Aug 7, 2006, at 4:26 PM, lyger wrote:
>
> (from Dave Farber's IP list)
>
> Begin forwarded message:
>
> Date: August 7, 2006 1:12:38 PM EDT
> Subject: Re: [IP] AOL Releases Search Logs from 500,000 Users
>
>
> A search for an SSN shaped regex on the full AOL search data
> returns a 191
> results including repeat searches. Many of these have full names,
> and at least
> a dozen include either an addresses, drivers license number, date
> of birth or
> some combination of the three in the same query. There's no
> telling how much
> more information an aggregation of other queries by those same user
> ID would
> yield.
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/errata/dataloss/
More information about the Dataloss
mailing list