Is Netflix Leaking User Data in it's SEO Efforts?

2 comments
Source Title:
Netflix SEO Efforts Expose User Data In Google and Yahoo
Story Text:

John Coronella at Online Marketer is running a story that says that Netflix are leaking sensitive user data onto Yahoo and Google. He says the leaks appear to be a bungled attempt at SEO'ing their site better.

In an effort to get their pages to rank in Google and Yahoo, Netflix has exposed user data to the public. User data from Netflix customers can be retrieved by the popular search engines Google and Yahoo by performing special queries reveiling a cached version of the page. This was discovered by OnlineMarketer.com on Friday. Judging by the cached date,the pages have been available as early as March 22nd.

Cloaking?

It appears that Netfix may be cloaking pages, and that's where the problems lie - some of the information i've seen includes movies you've returned, such as demontrated on John's site. The info doesn't appear to dangerous, it's not like it's passwords or bank details, but it's certainly not desireable to have your movie preferences shown to the world at large!

If anyone can find queries to demonstrate this better, please add them - at the time of writing i had trouble repeating John's searches - though his screenshots clearly demonstrate that at least at one point this was happening...

Comments

Might be sub standard cloaking

Might be sub standard cloaking, combined with inadequate protection against the engines' caching function.

Trouble is, there's so many sites out there trying to take the "cheap" road (purely UserAgent based cloaking, working from dated and incomplete spider lists, inherently faulty software, etc. etc.) it's pathetic. And, of course, in the long run far more costly than what any decent, "industrial-strength" setup would have been. Typical cases of penny wise and pound foolish ...

Can't replicate his search results, either - should perhaps give it the cached pages a try with JavaScript turned but don't have the time for that currently.

Fresh Dates

Fresh Dates have changed to the 24th for a lot of the pages in Google, and it looks like a few specific pages that showed account info have been removed. Still, there are plenty out there showing "Welcome USERNAME", showing Gbot and Slurp were being authenticated as users.

(this was reported to G, Y, and Netflix (with removal instructions) before making public)

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.