Examples of Abuse

Almost everyday a company or government abuses your data. Whether these abuses are intentional or the result of error, we must learn from these abuses so that we can better build tomorrow's policies and technologies. This resource is an opportunity to learn that this has all happened before, as well as a tool to query these abuses.

Please contact us if you think we are missing some key stories.

 

23 Mar 2018
In March 2018, a security researcher discovered that the state-owned utility company Indane had access to the Aadhaar database via an API, but they did not secure this way of entry. As a result, anybody was able to use this service to access details on the Aadhaar database about any Aadhaar number
27 Mar 2018
Affiliate marketers, who buy ad space in bulk, run campaigns, and earn commissions on the sales they generate, are behind some of the shady and misleading ads that pollute social media and the wider internet, despite also promoting some legitimate businesses such as Amazon and eBay. At one of
28 Mar 2018
In March 2018, Facebook announced it was scrapping plans to show off new home products at its developer conference in May, in part because revelations about the use of internal advertising tools by Cambridge Analytica have angered the public. The new products were expected to include connected
29 Mar 2018
In March 2018, Indian Congress president Rahul Gandhi tweeted that the Naramendra Modi app issued by India's ruling Bharatiya Janata Party was leaking user data. The app is intended to spearhead BJP's social media strategy in the run-up to the 2019 general elections; the party hopes to use it to
30 Mar 2018
Users downloading their Facebook histories have been startled to find that the company has been collecting call and SMS data. The company has responded by saying users are in control of what's uploaded to Facebook. However, the company also says it's a widely used practice when users first sign in
31 Mar 2018
Behind the colourful bicycles and games rooms, Silicon Valley tech giants operate a strict code of secrecy, relying on a combination of cultural pressure, digital and physical surveillance, legal threats, and restricted stock to prevent and detect not only criminal activity and intellectual property
02 Apr 2018
By 2018, gene studies involving more than 200,000 test takers had found correlations between 500 human genes and academic success. Based on these results, the behavioural geneticist Robert Plomin claimed that parents would be able to use consumer tests to enable "precision education", built around
02 Apr 2018
In April 2018, a researcher at Norway's SINTEF found that the gay-daring app Grindr was sending its 3.6 million users' HIV status and last tested date along with their GPS data, phone ID, and email to two app-optimising companies, Apptimize and Localytics. SINTEF also found that the company was
03 Apr 2018
In 2016, researchers discovered that the personalisation built into online advertising platforms such as Facebook is making it easy to invisibly bypass anti-discrimination laws regarding housing and employment. Under the US Fair Housing Act, it would be illegal for ads to explicitly state a
04 Apr 2018
In the United States, monitoring efforts to combat public benefits fraud are often part of a broader approach that focuses on stigmatizing people receiving benefits and reducing their number, rather than ensuring that the maximum number of people who are eligible receive benefits. However, fraud
07 Apr 2018
In late 2018, after apps like Strava and Polar Flow exposed the movements of staff around military bases, the US Department of Defense banned military troops and other workers at sensitive sites from using fitness trackers and other apps that could reveal their users' location. Military leaders will
09 Apr 2018
A 2016 Privacy International report on Syrian state surveillance found that between 2007 and 2012 the Assad regime spent millions of dollars on building a nationwide communications monitoring system. By 2012, this surveillance capability helped the Syrian government target and murder journalists
12 Apr 2018
In April 2018, Facebook announced that in six months it would end a programme it called "Partner Categories", in which the social network acted as a bridge between data brokers like Acxiom, Epsilon, and TransUnion and the consumers their customers want to reach. In this deal, Facebook did not
15 Apr 2018
In a talk at the 2018 Wall Street Journal CEO Council Conference, Darktrace CEO Nicole Eagan gave as an example of the new opportunities afforded by the Internet of Things a case in which attackers used a thermometer in a lobby aquarium to gain a foothold in a casino's network and exfiltrate the
19 Apr 2018
By 2018, Palantir, founded in 2004 by Peter Thiel to supply tools for finding obscure connections by analysing a wide range of data streams to the Pentagon and the CIA for the War on Terror, was supplying its software to the US Department of Health and Human Services to detect Medicare fraud, to the
20 Apr 2018
In April 2018, the Austrian cabinet agreed on legislation that required asylum seekers would be forced to hand over their mobile devices to allow authorities to check their identities and origins. If they have been found to have entered another EU country first, under the Dublin regulation, they can
21 Apr 2018
In December 2014 researchers at Malwarebytes discovered that for two months an Adobe Flash player zero-day exploit with a ransomware payload was embedded in online ads placed by a leading advertising network. The attack ended when Adobe patched Flash to close the vulnerability on February 2, 2015
24 Apr 2018
The US Securities and Exchange Commission announced in April 2018 that it would fine Altaba, formerly known as Yahoo, $35 million for failing to disclose its massive 2014 data breach. Yahoo did not notify the hundreds of millions of customers until the end of 2016, when it was closing its
25 Apr 2018
Police and blackmailers in Egypt are using gay dating apps like Grindr, Hornet, and Growlr to find targets tor arrest and imprisonment while the developers who can make changes are thousands of miles away and struggle to know what to change to protect their users. In a typical story, a target finds
27 Apr 2018
For years, car manufacturers including Range Rover, BMW, and Volkswagen kept secret security risks in their vehicles' keyless entry systems that exposed hundreds of millions of car owners to the risk of theft from attackers using gadgets available online for £100. In March 2018, Range Rovers were