Here’s what happens when companies fail to put privacy first

Brad Smith
Jul 19, 2017


You could easily call 2017 the year of the leaks. With so much sensitive and potentially incriminating evidence hitting newsrooms daily, it’s no wonder privacy has become such a big issue. But what happens when the companies you trust don’t take your privacy seriously?

Here are just a few examples of what happens when privacy takes a back seat.

Fool me once, shame on Yahoo

Yahoo had a total of 1.5 billion user accounts stolen on two separate occasions — the first taking place in 2013 and another, reportedly unlinked hack, in 2014. It took Yahoo two full years before they went public with the details.

In fact, people were using potentially exposed passwords for years without knowing. The hacking of Yahoo is the biggest in history and, despite the company's best efforts to play it down, has become a cautionary tale of how not to secure your servers.

It also serves as yet another reason why it’s so important to update your passwords routinely or use a password manager.

AOL to users: “You’ve got a data leak.”

There was a time when AOL was the undisputed king of the internet, but this wasn’t it. On August 4th, 2006, the instant messaging service inadvertently released two gigabytes worth of detailed user search logs. That equaled some 20 million separate search queries over a three-month period.

The names of users were kept anonymous: AOL opted to assign each user a random ID number instead. Unfortunately, the searches contained enough detail for people to identify users based on various keywords (the ID numbers didn’t help). The New York Times used the logs to identify a user and then published an entire article on it.

Incredibly, AOL failed to redact the leaked information, leaving this huge pile of private (and potentially dangerous) information out in the open for an entire day.

Hey, Google, can you see me now?

Google’s Street View has made great strides since its release back in ’06. When the software first came to market, people were up in arms over the potential privacy implications, and for good reason: Street View pulled no punches when it came to showing faces, places, and, well, you get the point.

Fortunately, Street View has gone through dozens of changes and upgrades since then, with more privacy settings in place to help protect and preserve the anonymity of people caught on camera.

Facebook makes private data public, stalkers rejoice

In 2010 Facebook made an update to its privacy settings that made people’s age, gender, DoB, employer, school, and other potentially sensitive profile information public overnight.

This update was all a push to help Facebook be more transparent in the eyes of advertisers, and though user notifications were sent out showing how people could alter their privacy settings, many were still taken by surprise. The fact that the navigation settings were still so convoluted didn’t help matters.

Apply for a job, get locked out of your account

In 2012, LinkedIn issued a statement detailing the theft of nearly 6.5 million passwords. Unfortunately, that wasn’t the entire story. Fast forward to 2016 and 100+ million more LinkedIn passwords miraculously appeared on the Dark Web. The hack was traced directly back to the 2012 breach, which brought LinkedIn’s original number up to nearly 117 million.

While LinkedIn did encrypt the passwords, they failed to store them adequately, and hackers were quickly able to uncover the unsalted data. Good effort on LinkedIn’s part, but poor execution.

Would you like a virus with your burger?

In 2010, McDonald’s held a promotional contest that gave away 10,000 branded MP3 players to select customers in Japan. While the competition proved to be a huge hit, there was a catch: a QQpass trojan found inside the devices collected a user’s various usernames and passwords and transmitted them to hackers as soon as the device was connected to a PC.

McDonald’s Japan quickly issued a recall and even set up its own customer hotline to deal with the problem. Unfortunately, by that time the damage was already done.

Privacy matters. Taking the time to secure your accounts and update your passwords could make all the difference between being secure and being sorry. Always keep your VPN on, and make sure you check the privacy settings before logging into a site or adding a new device.

Originally published at Home of internet privacy.
