[Web4lib] Library Elf reveals user info

cpikas.14607360 at bloglines.com cpikas.14607360 at bloglines.com
Wed Dec 28 12:59:15 EST 2005


It appears that they're trying to fix it... if you do the search now (as of
12/28 12:55 EST)...

"Invalid password. A change has been made to the RSS feed security which
makes it necessary for you to resubscribe to your Library Elf feed. Please
login to your Elf account and copy the updated XML link to your feedreader.
Note also that if your feedreader is one of the public RSS aggregators,
Bloglines in particular, your feed could be treated as a public feed and
therefore searchable by others on that system. Search for your feed in these
aggregators to see whether your feed has been designated public. Our
apologies for the inconvenience."

HOWEVER -- if you look back a little in the feed, you can still see
historical check-outs and all related personal information.

Christina

--- RL Hartman <lisrochelle at gmail.com> wrote:

> It appears to be an issue with RSS feeds (at least in Bloglines).  I
> randomly emailed one of the patrons who had his account hanging out for
> all the world to see, and he was grateful to know about the problem, and
> said he felt "a little stupid" for not having known of the risk.
>
> Rochelle Hartman
> Bloomington Public Library
>
> On 12/28/05, Karen Coyle <kcoyle at kcoyle.net> wrote:
> >
> > Mary Minow posts a rather amazing story about Library Elf on her web site:
> >    http://blog.librarylaw.com/librarylaw/2005/12/breaking_discov.html
> >
> > According to Mary:
> >   "I had my Bloglines.com reader open for blog reading.  I typed
> > "library elf" in the SEARCH ALL BLOGS box
> > <http://www.bloglines.com/search?t=1&r=0&q=%22library%20elf%22>.
> > Imagine my surprise when I got 228 results, most of which are
> > *individuals' accounts - one more click gives you first names, email
> > addresses, titles borrowed, on hold, etc. "
> >
> > It isn't yet clear how this happens, but at least one person whose
> > account Mary retrieved claims that she had her feed marked as "private."


