Ask.com’s Apache server status page is open to the public at ask.com/server-status. That technically means that any queries and user actions done on that server on Ask.com are open to anyone to look at.
It is unclear how long this page has been open to the public, but the server status page says the last time this server was restarted was over three days ago. Is it possible that on that reboot, the server status page was accidentally left unlocked and exposed?
All the IP addresses listed are internal IPs, likely the Ask.com firewall. So it is not exposing unique searchers’ IP information. But it is exposing user queries, how many searchers are done, in real time.
Here is a snippet of the exposed log:
You can see that a searcher is looking for a Rolex Submariner watch, a purple leaf sand cherry hedge, Australian securities exchange share prices and more. Clear queries from real searchers are fully exposed here. You can simply keep refreshing the ask.com/server-status page and see new queries from real searchers.
This, on some level, reminds me of the AOL search query leak, where a user’s queries were able to be uncovered and tracked down.
This was discovered by Paul Shaprio about two hours ago.
Postscript: At 11:15am EST, the page has been locked down and we can no longer access it.
Ask.com’s press team sent us this response:
We have been working to address the inadvertent publishing of the Ask.com server status page and can report that this matter has now been globally resolved. We can confirm user IP addresses were not accessible during this incident, only queries and the IP addresses of our internal servers. We regret this error and are committed to protecting the confidentiality and security of our users’ information.
Source link 0