One of the worst (best?) examples I remember was the Web of Trust extension in 2016. The company claimed it was selling anonymized user data but it was actually leaking information through recorded URLs about all sorts of private things like account names, addresses, ongoing legal investigations, etc

https://en.wikipedia.org/wiki/WOT_Services#Sale_of_user-rela...