AOL 'Screw-up' Causes Search Data Spill
Modernizing Authentication — What It Takes to Transform Secure Access
AOL on Aug. 7 blamed an internal "screw-up" for the embarrassing release of detailed keyword search data for roughly 658,000 anonymized users.
Dulles, Va.-based AOL's mea culpa comes in the midst of a firestorm of criticism from privacy advocates that the informationwhich amounts to about 20 million search queriescould be traced back to AOL users.
Already struggling to repair its image with users, the data spillage is another black eye for the Internet division of Time Warner.
"This was a screw-up, and we're angry and upset about it," AOL spokesperson Andrew Weinstein said in a statement sent to eWEEK.
Weinstein said the release of the data was an innocent attempt to reach out to the academic community with new research tools.
"It was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant," he added.
The data, which has been mirrored on multiple Web sites, represented a random selection of searches conducted over a three-month period (March to May 2006) and includes a numbered User ID, the actual query, the time of the search and the destination domain visited.
The searches only included U.S. searches conducted within the AOL client software, Weinstein said.
The AOL usernames were changed to random strings, but the data associated with each search is matched to the number.
In some cases, there is a theoretical possibility that the search queries could be used to personally identify an AOL user.
"Although there was no personally identifiable data linked to these accounts, we're absolutely not defending this. It was a mistake, and we apologize. We've launched an internal investigation into what happened, and we are taking steps to ensure that this type of thing never happens again," Weinstein said.