So, despite the fact that we know that social networking services have had major privacy failures, most users either believe, ignorantly, in the services' abilities to maintain their privacy or, apathetically, they don't care or can't be bothered and thereby ignore the failures.
This information resulted in data such as people's names and their friends' names being used by various advertising companies despite many of the affected users having set their privacy settings to the most restrictive level.
Although the data was actually collected by the third-party applications, the failure to maintain user privacy was strictly Facebook's fault as they didn't apparently monitor how data was being used by the third parties. That was bad enough, but the fact that Facebook didn't engineer mechanisms into its systems to detect or prevent the problem was bad engineering at best (ignorance) and negligence at worst (apathy).
The Federal Trade Commission recently finished its investigation into these issues and Facebook got off ridiculously lightly with just 20 years of adult supervision in the form of regular privacy compliance audits. Facebook CEO Mark Zuckerberg sagely admitted that the company had "made a bunch of mistakes." Really? Just a bunch of mistakes? No worse than, say, forgetting to buy milk on the way home? And did Facebook users do much more than grumble? Nope, apathy won again.
I mentioned Etsy ... it failed quite spectacularly back in March this year by trying to get all social.
What Etsy did was change users' privacy settings without telling anyone in an effort to, it hoped, foster more community. While users could still go into their accounts and reset how much of their personal details and purchasing from the site was public, most of them found out well after the fact. This meant that some people who had bought items of what we shall call a "personal" nature were horrified to discover that between the change and whenever they restricted their account, the entire world also knew what they now owned.