Oink’s Data Privacy Breach: Download the Data of Any User with Their Own Export Tool
Cristina Cordova, at her blog::
When Oink shut down yesterday, I used their export tool so that I could do something useful with the information I gave them. In requesting my data, which I did simply by filling out a form with only my username, I received the email below. In looking at the link, it seemed that my publicly available username (cristina) called for the download. The screenshot shows a simple link ending in "cristina-export.zip". So, curiously, I tried replacing my username with Kevin Rose’s: http://oink-prod.s3.amazonaws.com/kevinrose-export.zip (go ahead, click it). You’ll get a zip file of every item he has ever added, rated or reviewed. You’ll also get every photo he has ever uploaded to Oink. I began thinking about what access I gave to Oink – did I somehow allow them to make all of my data publicly available without my consent? Well, I tried exploring their privacy page, but it seems to conveniently redirect to their data export page. I hope in the Milk team’s next steps at Google, they place a higher value on user data and privacy. Next steps at Google placing higher value on data and privacy? HA!