Inadvertently Leaked Searcher Query Data Via Server Status Page

Apr 11, 2017 • 8:01 am | comments (0) by | Filed Under - Ask Jeeves Logo red, last week, "inadvertently" was exposing their searcher query data to the whole world by not locking down their Apache server status page. It was pretty insane actually for this to happen and I covered it at Search Engine Land immediately when I spotted the post on Twitter from Paul Shapiro on this.

In short, the server status page which is located on most Apache servers at /server-status was not locked down and visible to everyone. While it did not share the searchers IP address, it did expose live queries happening on

@notsleepy spotted this one live:

C8z 3dJVoAE AVg

But there were plenty of embarrassing ones. sent this statement to us:

We have been working to address the inadvertent publishing of the server status page and can report that this matter has now been globally resolved. We can confirm user IP addresses were not accessible during this incident, only queries and the IP addresses of our internal servers. We regret this error and are committed to protecting the confidentiality and security of our users’ information.

In any event, that was pretty wild to see and it may have been like that for 3 days until we notified about it.

This reminded me of the AOL leak from 2006.

Forum discussion at Twitter.

This post was scheduled to go live today but was written earlier - I am currently offline today.

Previous story: Google Announces Product Schema For Image Search Months Later
Ninja Banner
blog comments powered by Disqus