So, the online bookmarking / social network site Reddit was down for a couple of days, and admits to having a lot of their data stolen. They further admit that the data will have included logins, passwords, and e-mail addresses.
The part that was stolen, according to the news story, was “media of ours that contained a backup of a portion of the reddit database was stolen recently”… Not being funny, but what the hell is a media company doing having unencrypted ‘backup media’ (CD or DVD, presumably) laying around? That’s hardly what’s known as being diligent in protecting your users.
Not a big problem, right? Well, actually, yes, it is a rather big problem. In their privacy policy, they state:
We will only use email addresses for password retrieval and will never give out your email address or the email addresses of your contacts without your prior approval.
Any data we collect will never be used to identify you.
Sure, they technically didn’t ‘give out’ the e-mail addresses, but wouldn’t it be terribly convenient if a company could just have all the data ’stolen’ at regular intervals, and that the data could be sold to spammers?
I’m sure the Reddit guys didn’t mean any harm, but the vague privacy policy, the rubbish backup routine and the fact that the data was ’stolen’ in the first place makes me lose faith in them in a big way…