Wednesday, August 23, 2006

Software Security or Stupidity: AOL

I read today that AOL has fired its CTO, Maureen Govern less than a year after she started work, after it was discovered that the company disclosed the results of more than two million search queries made by 650,000 AOL subscribers between 1 March and 31 May. The data was posted to to a publicly accessible research website even though it was originally intended for internal use only.

AOL removed the data from Web, and no PII (personally identifiable information) about AOL subscribers ) was disclosed. However, privacy advocates continue to rage on the issue of protecting the privacy of search queries and results.

Although most breaches of customer data are related to software bugs, I can't classify this breach as a software-defect related - it seems to me more like stupidity and it's a no-brainer that people don't want the contents of their search queries disclosed - a lot of upstanding folks are googling for naughty words.


No comments: