When dealing with information in that magnitude, mistakes happen. At least they didn't give it away for a price. And they were quick to plug the leak and do some PR and let the people know. I would be more concerned it was leaked that they purposefully gave it out.

URL that contains login data? Huh?

I remember reading somewhere that Google does not delete it's data at all, meaning that our entire history and thoughts are essentially there. IMO it's only a matter of time before a major leak occurs.

The information was collected when users submitted suspected phishing sites through the Google Toolbar browser extension. Several of the URLs that were submitted also contained login and password information.

Ok, so it wasn't a leak, per se. Users submitted sensitive URLs to Google, and Google automatically published them. I wouldn't really blame Google for that.

walkman, you have to be more specific when prophecizing a doomsday for google. A two minute search just revealed several of google's data practices. They vary based on service, but none appear to be as terrible as you suggest.

>> A two minute search just revealed several of google's data practices.

I will stand by my "doom and gloom" scenario. Data practices are all fine and dandy, but mistakes do happen, hackers do break in, and most importantly, the police will one day demand them.

For the record: this is not just about Google, it applies to all companies.

That's why I tend to use screwgle.

If you've searched using Google, and you've had the same broadband connection at home for 2-3 years (and a static IP), there's a good chance GOOG knows what you've been thinking about for the past few years. If you use Adwords or AdSense, GOOG knows what income you make through GOOG (and your credit card and home/billing address). If your business depends heavily on GOOG PPC or natural SERP they could roughly estimate your business income. If you use Gmail, well - they know who you've been talking to.

That described me, and when I realised it, i started reducing my dependency on GOOG. That's why I avoid GOOG checkouts - it's another collection point of my personal info.

Matt Cutts' declaration in response to the DOJ subpoena mentioned that GOOG limits access to different areas of the company on a need to know basis; but this statement seemed to be more to emphasise the proprietary nature of the algo.

As anyone in large companies know, (even in financial services companies), multiple data stores aren't difficult to access. And it takes just one disgruntled employee who leaves the company to wreak havoc.

GOOG isn't to blame though, its our own personal choice as to how much information we give one entity.

And just because you're paranoid, doesn't mean they're NOT out to get you!

more than a dozen users

Even a million is more than a dozen. How many users are they talking about?

More than a dozen usually means less than two dozen.

Then they should have said 'less than two dozen'.

But the point is that it was a very small number of users, and the at-risk population was not Google's entire user base, but only the people who submitted sensitive URLs via the anti-phishing tool.