Millions of leaked LinkedIn and eHarmony passwords, sensitive customer data stolen via P2P -- can't anybody do this right?

The next time you hear a company say, “We take your privacy very seriously,” try to stifle that guffaw that wants to escape from your belly. I know it will be hard, because between Facebook’s prying and Google’s spying, it doesn’t seem like any large organization gives a damn about your personal privacy.

This week brings us several examples of corporations treating their customers’ personal information like confetti at a ticker tape parade.

A few days ago some 6.5 million LinkedIn passwords were stolen and put on display on a Russian hacker forum, along with another 1.5 million for the eHarmony dating service and an unknown number from music sharing network Last.fm.

These stolen passwords had at least two things in common: They were protected using an MD5 hash, but not very well (obviously). In all of these cases, the sites failed to “salt” the hash by tossing random characters into the mix, making the encryption much more susceptible to a brute-force attack. In brute-force attacks, code crackers throw random password phrases at each hash until a match is found. So far, more than half of the LinkedIn hashes have been unhashed. Nice.

What’s at stake here? Just your professional reputation and your love life (not to mention your secret fondness for the Bay City Rollers). No big deal, right? The most straightforward solution is to change your password for these sites. But be careful how you go about it.
Almost immediately after news of the hack went public, phisher spammers started taking advantage of the LinkedIn breach by sending out fake emails urging people to reset their passwords, then redirecting them to scam websites where their new passwords would be captured and used to steal their identities.

The other big takeaway: If you used the same password on LinkedIn or eHarmony as you did on other sites, you have to change those too, because they are probably in the hackers’ hands as well. Sorry, Charlie.

And if you think all that was pretty stupid, get a load of this. Yesterday, the FTC announced it would sanction two businesses for leaking sensitive customer data via P2P networks. Debt collection agency EPN of Provo, Utah, leaked the Social Security numbers and medical information for nearly 4,000 users onto P2P networks. Franklin Budget Auto Sales of Statesboro, Ga., has been charged with leaking the names, addresses, driver’s license numbers, and SSNs for nearly 100,000 customers via P2P.

Not only did these brainiacs install a BitTorrent client on their networks for reasons unknown (I have a few good guesses), they failed to configure the clients to not grab every document on their networks, and they failed to notice that these documents were being shared. That’s the stupidity trifecta.

The FTC is investigating nearly 100 companies that did something similar. It has not revealed what punishments it’s planning to levy on these two businesses or if it plans to even investigate the LinkedIn or eHarmony password breaches. But it’s clear that the downside for this kind of incompetence and stupidity is not bad enough. By and large, consumers are the ones who pay the price when their identities are stolen and who have to go through the painful ordeal of convincing their banks, insurance companies, employers, friends, and others that they are not crooks or fraudsters.
Companies get a little bad press, maybe pay a small fine or agree to a privacy audit, and then move on.

If organizations really took our privacy seriously, they’d face serious penalties for such breaches. Until then, the whole notion is just a joke, and not a funny one.

What should happen to companies who leak your data? Smite them below or email me: cringe@infoworld.com.

This article, “Privacy may be a joke to companies, but it’s no laughing matter to the rest of us,” was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely’s Notes from the Field blog, and subscribe to Cringely’s Notes from the Underground newsletter.
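
The unsalted-hash weakness described in the password-breach paragraphs above, shown as an added Python example that is not part of the original column and is not code from any of the sites it names. It contrasts a bare MD5 digest with a per-user salted record; the user names, passwords, wordlist, function names, the choice of PBKDF2-HMAC-SHA256 and the iteration count are all constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own login-latency budget

def unsalted_md5(password: str) -> str:
    """The weak scheme the article describes: a bare, fast, unsalted hash."""
    return hashlib.md5(password.encode()).hexdigest()

def exposed_accounts(stored: dict, wordlist: list) -> dict:
    """Audit helper: one digest table is reusable against every unsalted record."""
    table = {unsalted_md5(word): word for word in wordlist}
    return {user: table[d] for user, d in stored.items() if d in table}

def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)

# Constructed sample data: two users who happen to share a password.
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "x9!Tq#rV2m&Lp0"}
WORDLIST = ["password", "123456", "linkedin2012"]  # constructed, not a real list

def demo() -> dict:
    weak_db = {user: unsalted_md5(pw) for user, pw in USERS.items()}
    strong_db = {user: hash_password(pw) for user, pw in USERS.items()}
    return {
        # Unsalted: equal passwords give equal digests, visible to anyone with the dump.
        "weak_duplicates": weak_db["alice"] == weak_db["bob"],
        "weak_exposed": exposed_accounts(weak_db, WORDLIST),
        # Salted: equal passwords give unrelated records, so no shared table applies.
        "strong_duplicates": strong_db["alice"][1] == strong_db["bob"][1],
        "alice_ok": verify_password("linkedin2012", *strong_db["alice"]),
        "alice_wrong": verify_password("password", *strong_db["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt removes the shared-table and duplicate-digest problems; the slow key-derivation function is what raises the cost of each individual guess.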