AOL Tells of Breach of Privacy

AOL released the Internet search terms that more than 650,000 of its subscribers entered over a three-month period and admitted Monday that what it originally intended as a gesture to researchers amounted to a privacy breach and a mistake.

Although AOL had substituted numeric IDs for the subscribers’ real user names, the company said the search queries themselves may contain personally identifiable data.

For example, many users type their names to find out whether sites have dirt on them and then separately search for online mentions of their phone, credit card or Social Security numbers. A few days later, they may search for pizzerias in their neighborhoods, revealing their locations, or for prescription drug prices, revealing their medical conditions. All those separate searches would be linked to the same numeric ID.

“Search query data can contain the sum total of our work, interests, associations, desires, dreams, fantasies and even darkest fears,” said Lauren Weinstein, a privacy advocate.

“This was a screw-up, and we’re angry and upset about it,” AOL spokesman Andrew Weinstein said. “It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant.”

He could not say whether anyone has been disciplined, saying an internal investigation was continuing.

The disclosure comes as the Time Warner Inc. unit tries to increase usage of its search services and other free, ad-supported features to offset a decline in subscriptions, a drop that is likely to accelerate with its recent decision to give away AOL.com e-mail accounts and software.