It is scary easy to leave a shared variable by a novice programmer or to misunderstand caching and cache collisions by the same group. It is part of learning, the scary part is that most profit driven companies see it as cost of doing business and have them on the front lines of production code. In order to push out code faster and cheaper QA and unit testing suffers and the consumers are the ones that end up with the highest risk.
Some companies reputations do get affected to the point it affects business or partnerships (see Wyze cameras and their removed recommendations from tech sites) but something needs to change and regulation is light on fines for companies doing this over and over (along with data breaches).
Is it still true that posting a picture of your boarding pass on social media is enough to let strangers get your passport number and phone number from the Qantas website?