Right now, Ask.com’s Apache server status page is open for the public to look at, and can be found at ask.com/server-status.  In short, any queries and user actions done on that server on Ask.com was open to anybody to look at.

It seemed that the page was left completely open for the public to check out.  There was the possibility that when it was rebooted three days ago, the server page was accidentally left unlocked and left for people to look at.  When I went to check out the page for myself at the time of this writing, I was unable to see the information of people’s searches.  I assume ask.com finally locked it up.

All the IP addresses that were seen listed within the page were internal IPs, likely the Ask.com firewall.  Luckily for Ask.com users, their unique searchers’ IP information was not exposed.

This is a snippet of the exposed log:

When the information was exposed as you can see above clear queries from real searchers had been fully exposed.  While the page had been exposed, you could just keep refreshing the ask.com/server-status page and see queries from real searchers.

This had been discovered by discovered by Paul Shaprio about two hours ago.

At 11:15am EST, the page was locked down and we can no longer access it.

Ask.com’s press team sent Search Engine Land this response:

We have been working to address the inadvertent publishing of the Ask.com server status page and can report that this matter has now been globally resolved. We can confirm user IP addresses were not accessible during this incident, only queries and the IP addresses of our internal servers. We regret this error and are committed to protecting the confidentiality and security of our users’ information.

 

 

Source –