Ask.com, last week, "inadvertently" was exposing their searcher query data to the whole world by not locking down their Apache server status page. It was pretty insane actually for this to happen and I covered it at Search Engine Land immediately when I spotted the post on Twitter from Paul Shapiro on this.
In short, the server status page which is located on most Apache servers at /server-status was not locked down and visible to everyone. While it did not share the searchers IP address, it did expose live queries happening on Ask.com.
@notsleepy spotted this one live:
But there were plenty of embarrassing ones.
Ask.com sent this statement to us:
We have been working to address the inadvertent publishing of the Ask.com server status page and can report that this matter has now been globally resolved. We can confirm user IP addresses were not accessible during this incident, only queries and the IP addresses of our internal servers. We regret this error and are committed to protecting the confidentiality and security of our users’ information.
In any event, that was pretty wild to see and it may have been like that for 3 days until we notified Ask.com about it.
This reminded me of the AOL leak from 2006.
Forum discussion at Twitter.
This post was scheduled to go live today but was written earlier - I am currently offline today.
