Top five worst online privacy breaches

If there’s one thing the world wide web has taught us, it’s to expect a degree of incompetence when it comes to companies protecting your online privacy. Over the last decade or so there have been numerous serious online data breaches from major corporations - whether it’s companies such as AOL displaying a bewildering lack of regard for their customers’ private search data, or Google outright spying on people within their own homes.

We’ve rounded up five of the worst online privacy breaches below. So sit back and prepare to get outraged!

Sony PSN hack

The attack on Sony’s PlayStation Network gaming platform in April 2011 is widely regarded as one of the biggest and most costly data breaches ever recorded. Approximately 77 million accounts were compromised, with unencrypted data such as passwords and addresses accessed by the hackers. Sony estimated around 12 million account holders had credit card details stored on their system but, after much confusion, it turned out these details were encrypted. So far there’s been no concrete evidence of credit fraud stemming from the attack. Nevertheless this breach of online privacy was hugely costly to Sony ($170 million according to the company), taking the PSN offline for weeks and drawing criticism from governments around the world.

iPhone user tracking

In April 2011 two researchers discovered a file in Apple’s iOS operating system that appeared to reveal all the locations their iPhones had visited in the last 12 months. The revelation caused an uproar, with European governments and the US government demanding explanations. Eventually Steve Jobs offered a personal apology and categorically denied that Apple were tracking iPhone users. According to Apple, the file was used to help speed up GPS functions and wasn’t supposed to store information for such a long period. To its credit, Apple fixed the issue pretty quickly, earning some respect amongst privacy advocates. Since then Apple has been notably cautious in its approach to privacy-related issues such as mobile ad tracking. Nevertheless, the incident just shows how easy it is for companies to track smartphone users – especially if they don’t have a respected brand to protect.

Google Street View data theft

This is one online privacy scandal that’s still very much in play and could blow up in Google’s face pretty badly. Back in October 2010 Google admitted that its Street View cars, which traveled across the globe taking pictures for the Street View service, collected passwords, emails and web logs from private WiFi connections. Google told the FCC that the data capture was unintentional and no “real harm” had been done. So the FCC decided nothing illegal had happened.

However, fast forward to June 2012 and it’s emerged that the data collection was not unintentional. In fact, the code that stole the private information was written to do just that by a Google engineer. Plus this engineer told his superiors and his colleagues exactly what the code did. Google now faces a renewed investigation into the matter in the UK. Did it knowingly steal private data? Did it then try to cover the whole thing up? Google has some serious questions to answer.

AOL search data posting

In 2006 AOL released more than 20 million search terms connected to 650,000 of its subscribers. Although subscriber names were thankfully replaced by numerical codes, the search details revealed enough private information, such as banking data, health-related data and other information, to make individuals identifiable. In fact, The New York Times managed to locate individuals by cross-referencing data with phone book entries. The scary thing is the leak wasn’t accidental. AOL released the data for research purposes and just failed to grasp the privacy implications.

Fortuny Craigslist Experiment

OK, this one is a little different from the above, as it doesn’t highlight the abuse of customer privacy by corporations, but rather (if you ask us) the stupidity of individuals on the internet when it comes to their own privacy. In September 2006 a graphic designer called Jason Fortuny posted a fake ad on Craigslist, posing as a woman looking for kinky sex. The explicit ad generated even more explicit email responses from hundreds of men. Fortuny then published all these responses, along with emailed pictures of the men, on Encyclopedia Dramatica. The story was picked up by major news outlets such as The New York Times and CNN, and before long many of the respondents were identified. Fortuny claims at least two people he knows of were fired from their jobs. In 2009 a lawsuit filed by one of the respondents saw Fortuny pay damages of more than $74k.

Tags: Privacy
