This was a really dumb thing to do and is indicitive of a a more general underlying problem. This is all about data classification and the different labels that the players involved would put on the data.

AOL clearly regarded (for a while) the data as not being sensitive and so felt free to publish it publically. Users had a different, and understandable, view that this information was confidential. Hence all the fireworks.

This is not the first time an organisation gets this wrong and I doubt it will be the last.

Martin.

http://www.appsense.com/content/solutions/security/blog/default.asp

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/274/1267#1267