Examples of Abuse

Almost everyday a company or government abuses your data. Whether these abuses are intentional or the result of error, we must learn from these abuses so that we can better build tomorrow's policies and technologies. This resource is an opportunity to learn that this has all happened before, as well as a tool to query these abuses.

Please contact us if you think we are missing some key stories.

 

22 Aug 2018
In August 2018, the US Democratic National Committee notified the FBI that the San Francisco-based security company Lookout and the cloud service provider DigitalOcean had detected an attempted hack targeted at the DNC voter database. The attack took the form of a fake DNC login page intended to
22 Aug 2018
The 2017 hack of the shipping company A.P. Møller-Maersk, which manages 800 seafaring vessels and 76 ports that handle nearly a fifth of the world's shipping capacity, required an emergency shutdown of the company's entire IT system, including its phones. Maersk was a victim of NotPetya, the most
23 Aug 2018
In 2018, changes to Apple's rules for data collection led Facebook to withdraw its Onavo Protect VPN app from the app store. The app's function was to warn users when they were visiting potentially harmful websites and protected their data when using public wifi. However, the app also collected data
23 Aug 2018
Facebook-owned Onavo VPN (adertised as a way to block harmful websites, and keep a user's data safe) is pulled from the Apple App Store due to tracking, collecting, and analysing customers' usage data, including from other unrelated apps. https://arstechnica.com/tech-policy/2018/08/facebook-violates
23 Aug 2018
In August 2018, domestic abuse victims, their lawyers, shelter workers, and emergency responders began finding that the Internet of Things was becoming an alarming new tool for harassment, monitoring, revenge, and control. Smartphone apps enable abusers to remotely control everyday objects inside
25 Aug 2018
By the time T-Mobile announced in August 2018 that a data breach had compromised customers' names, billing zip codes, email addresses, account numbers, account types, phone numbers, and some hashed passwords, the most crucial of these had become phone numbers. Never intended as identifiers, phone
30 Aug 2018
The payday lender Wonga announced in April 2017 that a data breach at the company affected an estimated 270,000 customers, 245,000 of them in the UK and the rest in Poland. The company sent those it thought were affected messages warning that it believed there may have been illegal and unauthorised
31 Aug 2018
In August 2018, two lawsuits, were filed against NSO Group, one brought in Israel by a Qatari citizen and the other in Cyprus by Mexican journalists and activists. All the plaintiffs had been targeted by the company's Pegasus spyware, which takes control of targets' phones when they click on links
01 Sep 2018
In September 2018, security researcher Patrick Wardle found that Adware Doctor, the top-selling paid utilities app in the US Mac App Store, was exfiltrating the browser history of anyone who downloaded it and sending it to a developer. Adware Doctor is intended to protect browsers against adware. A
04 Sep 2018
For many Filipinos, Facebook is their only way online because subsidies have kept it free to use on mobile phones since its launch in the country in 2013, while the open web is expensive to access. The social media network is believed to have been an important engine behind the ascent to the
04 Sep 2018
In 2018, a group of researchers from the Campaign for Accountability posed as Russian trolls and were able to purchase divisive online ads and target them at Americans using Google's advertising platform. The researchers constructed fake profiles using the name and identifying details of the
06 Sep 2018
Following the 9/11 attacks in 2001, the New York City Police Department installed thousands of CCTV cameras and by 2008 in partnership with Microsoft had built the Lower Manhattan Security Coordination Center to consolidate its video surveillance operations into a single command centre that also
07 Sep 2018
In September 2018, the GuardianApp group of security researchers discovered that dozens of popular news, weather, and fitness iPhone apps that require access to location data sell the data they collect to companies engaged in businesses such as ad targeting. The group found apps such as ASKfm, NOAA
10 Sep 2018
In September 2018, AI Now co-founder Meredith Whittaker sounded the alarm about the potential for abuse of the convergence of neuroscience, human enhancement, and AI in the form of brain-computer interfaces. Part of Whittaker's concern was that the only companies with the computational power
11 Sep 2018
In September 2018, a software patch was found by journalists to be widely available, that disabled or weakened the security features in the software used to enroll people on the Aadhaar databse, potentially from anywhere in the world. The patch was reportedly widely-available in WhatsApp groups
12 Sep 2018
In September 2018, the attorney general of the US state of New Mexico filed suit against Lithuania-based Tiny Lab Productions claiming that the maker of the children's app Fun Kid Racing had violated the Children's Online Privacy Protection Act (1998) by collecting location and other data about the
12 Sep 2018
In September 2018, Acxiom introduced an open data framework intended to create an omnichannel view of the people in its database. The company claims this "unified data layer" will let customer companies connect their marketing technology and ad technology ecosystems and connect the online world to
14 Sep 2018
In September 2018, a number of people whose Google Pixel phones, Essential Phone, OnePlus 6, Nokia handsets, and other devices running Android 9 Pie discovered that the devices had, apparently autonomously, activated the software's Battery Saver feature. Google later explained that an internal
14 Sep 2018
In September 2018, Google was discovered to be prototyping a search engine, codenamed Dragonfly, designed to comply with China's censorship regime. Among other features, Dragonfly would tie users' searches to their personal phone numbers, ensuring the government could track their queries. Among the
15 Sep 2018
In September 2018, when Massachusetts state police tweeted a map of responses to fires and explosions during a gas emergency, they inadvertently revealed that they were closely monitoring several activist groups, including a Facebook group for Mass Action Against Police Brutality, the Coalition to