Weekly News via Email
   Set as homepage | Add to favorites | Customer Service | Subscribe Now | Place an Ad | Contact Us | Sitemap Tuesday, 11.25.2014
Classifieds
News Archive
Su Mo Tu We Th Fr Sa
 1  2  3  4  5
 6  7  8  9  10  11  12
 13  14  15  16  17  18  19
 20  21  22  23  24  25  26
 27  28  29  30  31
Online Extras
Site Services
Around Bend
Outdoor Fun
Travel Info
Shop Local




Members Of



Poll: Today's Live Poll
Email to a friend | Print this | PDF version | Comments (0 posted) 
  Blogger |   del.icio.us |   digg |   newsvine

May 04,2007
Some data on the Internet can be really intimate
by Keith Darce

First, you had to worry about your credit card number being exposed on the Internet. Then, it was your Social Security number and bank account information.

Add orders for sex products to the list.

The names and addresses of tens of thousands of people who requested free samples of Astroglide - a personal lubricant from Vista, Calif.-based Biofilm - made their way onto Google recently when the massive Internet search engine began digging deeper into Biofilm's servers.

Biofilm has spent the past two weeks trying to erase the customer information from Google and trying to figure out how it leaked.

"If we had had better security, if our security was impeccable, it wouldn't have happened," Biofilm spokeswoman Lynne Merrill said recently.

The incident put Biofilm among a growing number of organizations that have lost control of personal data that they were supposed to protect. Burglars have lifted computers full of sensitive data from homes, offices and automobiles. Government employees have lost work laptops. Hackers have broken into corporate computer networks.

In what has been described as the biggest data theft, at least 45.7 million credit and debit card numbers for customers of TJX Co.'s T.J. Maxx, Marshalls, HomeGoods, HomeSense, A.J. Wright and Winners stores were discovered stolen in recent months.

Although the Biofilm breach didn't put at risk information that could lead to identity theft, it was embarrassing for the company and possibly for the customers whose names popped up on Google.

"We are learning more and more that information that is collected electronically has a way of spreading," said Steven Bellovin, an Internet security researcher at Columbia University in New York. "When you supply information to someone else (on the Internet), that information can be indexed and used in ways you might not want."

Biofilm's problems started in early April when Googlebot, a "crawler" program that mines servers for new information, discovered the Astroglide customer files buried inside the same server that houses Biofilm's Web page data, said Biofilm webmaster Matthew Eckmann.

Google shouldn't have found the files, Eckmann said. The company had taken a number of steps to block outsiders from discovering the data, including using password protection and robots.txt files to instruct friendly Internet crawlers to stay away from the customer lists.

But other unprotected files on the server made reference to the sensitive Astroglide files and provided pathways for Googlebot to follow, Eckmann said.

The first hint of trouble came April 12. A caller told Biofilm that a Google search for the caller's name produced a link to an Astroglide list with information the person provided when requesting a sample. Reports of more leaked lists soon arrived from others doing similar searches.

"I was surprised because in the four years that this information had been stored in the archive, it had never been accessed" by Google, Eckmann said.

More than 550 lists containing more than 260,000 entries were exposed through Google, according to Wired News.

Merrill said Biofilm didn't know exactly how many customers were involved in the data breach.

Information from Biofilm's paying customers always has been kept behind a protective firewall. The company believes the only files involved in the breach were those from the free sample requests.

After learning about the leak, Eckmann moved the free sample files behind a firewall, blocking Internet users from accessing the lists directly. But copies of the pages, known as caches, and index references to the files remained on Google's servers.

The company also took down its free-sample order pages indefinitely to prevent new lists from being created.

It took Google a week to remove the caches. The pages would have been removed more quickly if the files had contained more sensitive information, such as Social Security numbers, according to a Google Web page that instructs users on how to remove pages from the search engine.

A Google spokeswoman, who wouldn't comment on the Biofilm matter, referred to that Web page.

Index references to the Biofilm customer pages, which pop up during searches but do not contain personal information, still could be found on Google in late April. Clicking on the links led an innocuous error message page.

The fallout from the breach might linger for some time.

Biofilm could face lawsuits over the leaks from some of the people on the lists, said Chris Hoofnagle, a senior staff attorney and privacy expert with the University of California Berkeley's Samuelson Law, Technology and Public Policy Clinic.

Lawyers might argue that Biofilm violated a California law that bars companies from engaging in unfair or deceptive trade practices, Hoofnagle said. They also could argue that the company breached another state law requiring Internet businesses to abide by online privacy policies.

Web pages for ordering Astroglide samples included this disclaimer: "All information will be used for mailing purposes only and will not be distributed to any outside organizations."

Additionally, a privacy policy Web page for the company promises not to share personal information with outside parties without receiving permission or disclosing plans to distribute the information when it's collected.

Any financial hit resulting from litigation probably won't be too large, Hoofnagle said. "This type of leak raises certain legal risks. But these cases settle for very reasonable amounts."

Biofilm's troubles should serve as a warning to everyone who uses the Internet to transfer personal information, said Pam Dixon, executive director of the World Privacy Forum, a nonprofit public interest research group in Carlsbad, Calif.

"The technology is advancing, but I don't think people's expectations of privacy have kept up with the way technology has changed," she said.

Bellovin, the Columbia researcher, said people can do little to protect personal information once they have shared it online. Even a sound company privacy policy is no guarantee against mistakes and lapses that can lead to security breaches.

He offered this sobering advice: "Buy things over the counter for cash."

1418 times read

Related news

Western Union reveals customer data theft by UPI posted on Jul 17,2007

Google announces free Toilet ISP by Bend_Weekly_News_Sources posted on Apr 01,2007


TJ Maxx hit by hackers; consumer’s credit, debit cards at risk by Bend Weekly News Sources posted on Jan 19,2007

Did you enjoy this article? Rating: 5.00Rating: 5.00Rating: 5.00Rating: 5.00Rating: 5.00 (total 4 votes)

Market Information
Breaking News
Most Popular
Most Commented
Featured Columnist
Horoscope Guide
Aquarius Aquarius Libra Libra
Aries Aries Pisces Pisces
Cancer Cancer Sagittarius Sagittarius
Capricorn Capricorn Scorpio Scorpio
Gemini Gemini Taurus Taurus
Leo Leo Virgo Virgo
Local Attractions
Bend Visitors & Convention Bureau
Bend Visitors & Convention Bureau

Mt. Bachelor Resort
Mt. Bachelor Resort

Les Schwab Ampitheater
Les Schwab Ampitheater

Deschutes County Fairgrounds
Deschutes County
Fairgrounds

Tower Theatre
Tower Theatre

The High Desert Museum

Advertisements



Deschutes County

Google  
  Web    BendWeekly.com
© 2006 Bend Weekly News
A .Com Endeavors, Inc. Company.
All Rights Reserved. Terms under
which this service is provided to you.
Please read our Privacy Policy. Contact us.
Bend Weekly News & Event Guide Online
   Save the Net
Advertisement
External sites open in new window,
not endorsed by BendWeekly.com
Subscribe in NewsGator Online
Add to Google Add to MSN Add to My AOL
What are RSS headlines?