Top five worst online privacy breaches

Privacy & Security Posted on July 18, 2012

If there’s one thing the world wide web has taught us, it’s to expect a degree of incompetence when it comes to companies protecting your online privacy. Over the last decade or so there have been numerous serious online data breaches from major corporations, whether it’s companies such as AOL displaying a bewildering lack of regard for their customers’ private search data, or Google outright spying on people within their own homes.

We’ve rounded up five of the worst online privacy breaches below. So sit back and prepare to get outraged!

Sony PSN hack

The attack on Sony’s PlayStation Network gaming platform in April 2011 is widely regarded as one of the biggest and most costly data breaches ever recorded. Approximately 77 million accounts were compromised, with unencrypted data such as passwords and addresses accessed by the hackers. Sony estimated around 12 million account holders had credit card details stored on their system but, after much confusion, it turned out these details were encrypted. So far there’s been no concrete evidence of credit fraud stemming from the attack. Nevertheless this breach of online privacy was hugely costly to Sony ($170 million according to the company), taking the PSN offline for weeks and drawing criticism from governments around the world.

iPhone user tracking

In April 2011 two researchers discovered a file in Apple’s iOS operating system that appeared to reveal all the locations their iPhones had visited in the last 12 months. The revelation caused an uproar, with European governments and the US government demanding explanations. Eventually Steve Jobs offered a personal apology and categorically denied that Apple were tracking iPhone users. According to Apple, the file was used to help speed up GPS functions and wasn’t supposed to store information for such a long period. To its credit, Apple fixed the issue pretty quickly, earning some respect amongst privacy advocates. Since then Apple has been notably cautious in its approach to privacy-related issues such as mobile ad tracking. Nevertheless, the incident just shows how easy it is for companies to track smartphone users – especially if they don’t have a respected brand to protect.

Google Street View data theft

This is one online privacy scandal that’s still very much in play and could blow up in Google’s face pretty badly. Back in October 2010 Google admitted that its Street View cars, which traveled across the globe taking pictures for the Street View service, collected passwords, emails and web logs from private Wi-Fi connections. Google told the FCC that the data capture was unintentional and no “real harm” had been done. So the FCC decided nothing illegal had happened.

However, fast forward to June 2012 and it’s emerged that the data collection was not unintentional. In fact, the code that stole the private information was written to do just that by a Google engineer. Plus this engineer told his superiors and his colleagues exactly what the code did. Google now faces a renewed investigation into the matter in the UK. Did it knowingly steal private data? Did it then try to cover the whole thing up? Google has some serious questions to answer.

AOL search data posting

In 2006 AOL released more than 20 million search terms connected to 650,000 of its subscribers. Although subscriber names were thankfully replaced by numerical codes, the search details revealed enough private information, such as banking data, health-related data and other information, to make individuals identifiable. In fact, The New York Times managed to locate individuals by cross-referencing data with phone book entries. The scary thing is the leak wasn’t accidental. AOL released the data for research purposes and just failed to grasp the privacy implications.

Fortuny Craigslist Experiment

OK, this one is a little different from the above, as it doesn’t highlight the abuse of customer privacy by corporations, but rather (if you ask us) the stupidity of individuals on the internet when it comes to their own privacy. In September 2006 a graphic designer called Jason Fortuny posted a fake ad on Craigslist, posing as a woman looking for kinky sex. The explicit ad generated even more explicit email responses from hundreds of men. Fortuny then published all these responses along with emailed pictures of the men on the Encyclopedia Dramatica. The story was picked up by major news outlets such as The New York Times and CNN, and before long many of the respondents were identified. Fortuny claims at least two people he knows of were fired from their jobs. In 2009 a lawsuit filed by one of the respondents saw Fortuny pay damages of more than $74k.
