BreachExchange mailing list archives

Re: Details on AOL search log disclosure


From: Chris Walsh <cwalsh () cwalsh org>
Date: Mon, 7 Aug 2006 22:03:41 -0500

They must have a more selective regex than mine. I got 260 hits.
Selecting those results which also contain the word 'social' results
in 22 hits, with many that are clearly attempts to look up the
records of a specific individual -- often supplying an address and
DOB as well as an SSN.

The regex I used is:

/(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]+?)(?!00)\d\d\3(?!0000)\d{4}/

It is a minor variant of one found at
http://www.regexlib.com/REDetails.aspx?regexp_id=535

(Checking for CC#s now....)


On Aug 7, 2006, at 4:26 PM, lyger wrote:


(from Dave Farber's IP list)

Begin forwarded message:

Date: August 7, 2006 1:12:38 PM EDT
Subject: Re: [IP] AOL Releases Search Logs from 500,000 Users


A search for an SSN-shaped regex on the full AOL search data returns
191 results including repeat searches. Many of these have full names,
and at least a dozen include either an address, driver's license
number, date of birth or some combination of the three in the same
query. There's no telling how much more information an aggregation of
other queries by those same user IDs would yield.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/errata/dataloss/
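
Added example (not part of the original message and not its author's code): the posted regex run in Python over a constructed log, as a check a data owner could run before releasing query data. The tab-separated layout, the helper names and the digit-bounded variant SSN_BOUNDED are assumptions made for this illustration; it also shows one way an unanchored pattern can over-match.

```python
import re

# Pattern as posted in the message, without the surrounding / delimiters.
SSN_POSTED = re.compile(
    r"(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]+?)(?!00)\d\d\3(?!0000)\d{4}"
)
# Assumption (not from the thread): same pattern, but refusing to match
# when the candidate sits inside a longer run of digits.
SSN_BOUNDED = re.compile(r"(?<!\d)(?:" + SSN_POSTED.pattern + r")(?!\d)")

# Constructed sample log: "<user id>\t<query>" per line (assumed layout).
SAMPLE_LOG = (
    "1001\tjohn doe 123-45-6789 social security\n"
    "1002\ttracking number 9123-45-67890\n"  # SSN shape inside a longer number
    "1003\t123 45 6789 records lookup\n"     # space-separated form
    "1004\t000-12-3456\n"                    # area 000 is rejected
    "1005\t123-45 6789\n"                    # mixed separators fail the \3 backreference
    "1006\tcheap flights 2006\n"
)


def parse(log):
    """Yield (user_id, query) pairs from the tab-separated log text."""
    for line in log.splitlines():
        user_id, _, query = line.partition("\t")
        yield user_id, query


def hits(pattern, log):
    """Return the rows whose query contains a match for the pattern."""
    return [(u, q) for u, q in parse(log) if pattern.search(q)]


def with_keyword(rows, word="social"):
    """Narrow hits to queries that also contain a keyword, as in the message."""
    return [(u, q) for u, q in rows if word in q.lower()]


def redact(query, pattern=SSN_BOUNDED):
    """Replace every matched SSN-shaped string with a fixed token."""
    return pattern.sub("[SSN]", query)


if __name__ == "__main__":
    posted = hits(SSN_POSTED, SAMPLE_LOG)
    print(len(posted), "hits,", len(with_keyword(posted)), "with 'social'")
    print(len(hits(SSN_BOUNDED, SAMPLE_LOG)), "hits with digit boundaries")
    for _, q in posted:
        print(redact(q))
```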


