BreachExchange mailing list archives
Re: Details on AOL search log disclosure
From: Chris Walsh <cwalsh () cwalsh org>
Date: Mon, 7 Aug 2006 22:03:41 -0500
They must have a more selective regex than mine. I got 260 hits. Selecting those results which also contain the word 'social' results in 22 hits, with many that are clearly attempts to look up the records of a specific individual -- often supplying an address and DOB as well as an SSN. The regex I used is: /(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]+?)(?!00)\d\d\3(?!0000)\d{4}/ It is a minor variant of one found at http://www.regexlib.com/ REDetails.aspx?regexp_id=535 (Checking for CC#s now....) On Aug 7, 2006, at 4:26 PM, lyger wrote:
(from Dave Farber's IP list) Begin forwarded message: Date: August 7, 2006 1:12:38 PM EDT Subject: Re: [IP] AOL Releases Search Logs from 500,000 Users A search for an SSN shaped regex on the full AOL search data returns a 191 results including repeat searches. Many of these have full names, and at least a dozen include either an addresses, drivers license number, date of birth or some combination of the three in the same query. There's no telling how much more information an aggregation of other queries by those same user ID would yield. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/errata/dataloss/
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/errata/dataloss/
Current thread:
- Details on AOL search log disclosure lyger (Aug 07)
- Re: Details on AOL search log disclosure Dennis Opacki (Aug 07)
- Re: Details on AOL search log disclosure Chris Walsh (Aug 07)
- Re: Details on AOL search log disclosure Joshua Reich (Aug 07)
- Re: Details on AOL search log disclosure lyger (Aug 07)
- Re: Details on AOL search log disclosure security curmudgeon (Aug 08)
- Re: Details on AOL search log disclosure Jon Passki (Aug 10)
- Re: Details on AOL search log disclosure Joshua Reich (Aug 07)