This just got me thinking, which would be worse -- your account data from any one site leaked, or metadata about your internet activities leaked? Thinking about the arguments about mass data collection and metadata, I'm pretty certain I'd be most worried about metadata. Do metadata-collecting companies tend to be more secure, or more security aware, or it just hasn't happened yet?
What I mean is, if your private browsing session from your laptop, along with non-private sessions, and data connections for IM conversations, were all leaked, that would be intensely revealing.
AIUI most states don't require breaches to be announced unless they get some combo of credit cards, passwords, email/name/phone, and govt' IDs. So metadata spying companies like Adobe/Omniture might never report being hacked at all.
Frankly it bothers me how lackadaisically business types treat security sometimes, caring more about company image than customer privacy, to the point of never revealing massive breaches if they don't hit states' ridiculous requirements for disclosure.
What I mean is, if your private browsing session from your laptop, along with non-private sessions, and data connections for IM conversations, were all leaked, that would be intensely revealing.