The top 5 privacy failures – what’s the most epic fail of all? [POLL]

Epic privacy fails

Last year was a record-breaking year for data breaches, with more than 800 million records lost.

And 2014 doesn’t look like it’s going to turn out any better (hello, eBay).

In our increasingly data-driven world – when our very identities are mined, packaged and sold; and our every move is tracked, logged and stored (hello, NSA) – online privacy has taken a major hit.

The list of culprits in our eroding privacy is long, but some fails stand out in their epicness, if you will.

So we’re calling out five privacy killers that deserve an extra level of shaming.

We want your opinion, too – take our poll at the end of the article so we can crown the biggest privacy fail of them all.

1. Snapchat’s “disappearing” selfies

The Snapchat messaging app gained a lot of popularity with a clever marketing pitch that turned out to be a big fat lie – that your photos and videos would “disappear forever.”

As it turns out, those selfies you thought would vanish after a few seconds were anything but fleeting, as Snapchat was forced to admit after the US Federal Trade Commission slapped the company with sanctions for misleading users.

You see, all your messages, photos and videos stayed right on your phone, and on Snapchat’s servers for an undefined amount of time.

Plus, warning or no warning, recipients of your messages could easily preserve them – forever – by taking a screenshot.

When the US Senate asked Snapchat representatives to appear at a hearing on data breaches, after the company spilled millions of usernames and phone numbers it had failed to secure, they didn’t show up.

When called to account for its privacy fails, Snapchat turned into a ghost.

2. Adobe’s mega-breach and password blunders

It’s hard to describe in such a short space the epic string of failures Adobe committed with its record-shattering data breach in October 2013.

Not only were Adobe’s systems insecure, allowing hackers to steal 150 million customer records, but users’ passwords were stored in a way that made cracking them far easier than it should have been.

Here’s the rundown of Adobe’s failures from Naked Security writer and crypto-expert Paul Ducklin:

  • Passwords were encrypted instead of hashed
  • Only one decryption key was used for all passwords
  • A block cipher was used, which revealed passwords’ lengths
  • Password hints were stored in clear text, with the passwords
  • Nonces weren’t used so passwords still matched after encryption

So hackers could lump together batches of passwords that matched and guess all of them from the most revealing password hint in the batch.

They could also guess at passwords based on their distribution. If you know that 123456 is likely to be the most commonly used password then whichever encrypted password occurs most frequently is probably the encrypted form of 123456 and so on.

Oh dear.
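The matching and length leaks in Ducklin's list, next to salted one-way hashing that avoids them, as an added Python example (not Adobe's code and not from the original article). `ecb_like` is a keyed stand-in for nonce-free, single-key block encryption rather than a real cipher, and the key, block size, iteration count, user names and passwords are all constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

KEY = b"constructed-demo-key"  # one key for every record (constructed value)
BLOCK = 8                      # assumed block size in bytes, for illustration
ITERATIONS = 600_000           # PBKDF2 work factor chosen for this example

def ecb_like(password: str) -> bytes:
    """Stand-in for nonce-free, single-key block encryption (not a real
    cipher): every padded block maps deterministically to one output block."""
    data = password.encode()
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    return b"".join(
        hmac.new(KEY, data[i:i + BLOCK], hashlib.sha256).digest()[:BLOCK]
        for i in range(0, len(data), BLOCK))

def salted_hash(password: str) -> tuple:
    """Hardened storage: random per-record salt plus a slow one-way KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def largest_group(stored) -> int:
    """Size of the biggest set of records whose stored values are identical."""
    return max(Counter(stored).values())

# Constructed sample accounts: three users share the same weak password.
USERS = [("alice", "123456"), ("bob", "123456"), ("carol", "123456"),
         ("dave", "correct horse battery"), ("erin", "hunter2")]

if __name__ == "__main__":
    weak = [ecb_like(p) for _, p in USERS]
    strong = [salted_hash(p)[1] for _, p in USERS]
    print("encrypted: largest matching group =", largest_group(weak))
    print("encrypted: stored lengths =", sorted({len(c) for c in weak}))
    print("salted:    largest matching group =", largest_group(strong))
    print("salted:    stored lengths =", sorted({len(d) for d in strong}))
```

With the encrypted column, the three shared passwords collapse into one matching group and the stored length tracks the password length; with salted hashes every record is distinct and the same size.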

3. The Talking Angela freak-out

This one would be funny if it wasn’t so … hysterical.

When a hoax appeared on Facebook in February claiming that the children’s app Talking Angela was actually spying on kids, many people didn’t investigate the wild claims for themselves, but shared it far and wide.

The app – which features an interactive Parisian cat that talks to you – is completely harmless.

But the rumor spread like wildfire, including the far-fetched notion that a man is hiding in a room in the cat’s eyes! Who takes pictures! Of your children!

Millions of people were conned by a scam about a privacy hole that didn’t exist, spreading the misinformation and duping others.

Some even offered the ‘advice’ that if you still want to let your kids play this game – despite their conviction that it’s spying on them – you should just cover up your phone’s camera with your finger.

Here’s an actual Facebook comment from someone spreading this ridiculous tale (the ALL CAPS are from the original post).

DO NOT DOWNLOAD THIS APP I AM WARNING YOU DO NOT DOWNLOAD THIS APP. IT IS TOTALY DANGEROUS AND DONT LISTEN TO WHAT THE MAKERS OF THE APP TELL YOU... IF U ZOOM IN HER EYES U WILL SEE A ROOM WITH A GUY IN IT, AND IT TAKES RANDOM PICTURES.... IF U WISH TO DOWNLOAD MAKE SURE U COVER UR CAMERA WITH UR FINGERS

Do you really want to take security advice from someone who can’t locate the caps lock key?

This hoax wasn’t even original – the same Talking Angela furor had spread almost exactly one year before.

That’s an epic fail.

4. Google Glass wearer proves “Glassholes” do exist

Google Glass hasn’t hit the mainstream yet – and this kind of camera-equipped, face-wearable device may never take off if people’s reactions to it are any indication.

With Glass’s whiff of elite privilege and its ability to record everything the wearer is looking at (potentially without you knowing), some people have taken to calling Glass-wearers “Glassholes.”

Maybe that’s an unfair stereotype, but a few rude individuals have cemented the perception of Glassholes into a reality.

Our nominee for an epic privacy fail is Glass “Explorer” Sarah Slocum, who continued to record patrons of a San Francisco bar who made it clear as *ahem* glass that they didn’t care for it.

After the confrontation, Slocum compounded the privacy fail by sharing her recording with a local TV station.

5. Target’s point-of-sale malware fiasco

If you’re looking for a fail of epic proportions, it’s hard to miss the Target data disaster, which affected millions of customers whose credit and debit card numbers were stolen by hackers just before Christmas last year.

Target missed badly with this list of failures:

  • The sophisticated cybercriminal gang that carried out the attack used credentials stolen from a Target contractor to gain access to a supposedly secure network.
  • Target execs were advised months before the breach to carry out a security review that might have caught the holes the hackers exploited.
  • Target sent a breach notification letter to customers that didn’t clearly identify what data was stolen and included some really bad security advice.

To be fair to Target, a credit card breach of this sort, which used malware on its point-of-sale machines to steal unencrypted card numbers, wouldn’t be possible if US banks and retailers had adopted more secure chip-and-PIN cards, rather than insecure magnetic swipe cards.

There’s a lot of fail to go around.

Take our poll

Now it’s your turn – which of these epic fails is the biggest? Who is the worst offender in our loss of privacy and security? Who deserves the crown of shame?

Take our poll, and sound off in the comments, to tell us what you think.

And because this is by no means a definitive list, you can nominate your own choice for most epic privacy fail.


Image of pass/fail switch courtesy of Shutterstock.